Please Respond Immediately

ray_stone
Level 1

Hello Experts:

We have one ASA and one router connected with an unmanaged switch, and the same switch is connected with the ISP router. The ISP router, our router and the ASA outside interface have public IP addresses configured as follows:

1) ASA outside: 1.1.1.1/24

2) Our router: 1.1.1.2/24

3) ISP router: 1.1.1.3/24

On our router, a route is added to point to the firewall IP 1.1.1.1, and on the ASA a route is added to the ISP router 1.1.1.3. Now traffic should go like this: our router ---- ASA ---- ISP router.

There is a STS tunnel created on our router with an external partner. I can see the traffic hitting the ASA firewall, but it is being denied: "1.1.1.2 udp/500 and destination is external partner IP address, outside interface".

Now we want the ASA to bypass the traffic of our router to the ISP router, which is not being done, and your help is required.

Please help!

1 Accepted Solution

Accepted Solutions

mvsheik123
Level 7

Hello,

I am not much familiar with this kind of setup, but on the ASA make sure 'same-security permit intra-interface & same-security permit inter-interface' are enabled.

hth

MS


5 Replies

Yes, correct, but can someone tell me what the use of these commands is in detail? When I turned on these commands, I then needed to make an access list on the outside interface of the firewall to allow traffic from our router's IP address to any, and only then does the communication work. This is where I am confused: why?

fgasimzade
Level 4

You need to permit UDP 500 on your ASA's outside interface, if I correctly understand your network diagram.

Why? The route is placed on the firewall. If we use the router instead of the firewall, do we still need to make an access list to allow the UDP traffic? If not, what is the difference here between the router and firewall configuration?

No, there is no need for an access list if you use only a router.

On the ASA, you need to permit traffic if it comes in on the outside interface. The ASA is not a router; it is a firewall with routing capabilities.
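The two answers above (permit same-interface hairpinning, then permit the IKE traffic on the outside ACL) combined into one ASA configuration fragment. This is an added example, not configuration posted by anyone in the thread. Assumptions: the interface is named "outside" with security-level 0, the partner VPN peer is 203.0.113.10 (a placeholder; the thread never gives it), and the addresses 1.1.1.2 (our router) and 1.1.1.3 (ISP router) are as in the original post. It also goes one step beyond the thread by permitting ESP and UDP/4500, since a site-to-site IPsec tunnel needs those in addition to UDP/500.

```cisco
! Added example (not from the thread). Assumptions: interface "outside",
! partner peer 203.0.113.10 (placeholder), 1.1.1.2 = our router, 1.1.1.3 = ISP router.

! 1. Route for traffic arriving on outside that must be forwarded to the ISP router.
route outside 0.0.0.0 0.0.0.0 1.1.1.3 1

! 2. Let a packet leave through the interface it arrived on (router -> ASA -> ISP,
!    all on "outside"). Without this the ASA drops the flow even if the ACL permits it.
!    The real keyword is "same-security-traffic"; "inter-interface" is for two
!    interfaces at the same security level and is not needed for this hairpin.
same-security-traffic permit intra-interface

! 3. Inbound ACL on outside. The ASA checks every packet entering an interface
!    against that interface's inbound ACL regardless of where the packet is going,
!    which is why a route alone is not enough (a plain router would just forward it).
!    Permit the whole tunnel, not only IKE: UDP/500 alone lets IKE negotiate, but the
!    encrypted data (ESP, IP protocol 50) or NAT-T (UDP/4500) would still be denied.
access-list OUTSIDE_IN extended permit udp host 1.1.1.2 host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN extended permit udp host 1.1.1.2 host 203.0.113.10 eq 4500
access-list OUTSIDE_IN extended permit esp host 1.1.1.2 host 203.0.113.10
access-group OUTSIDE_IN in interface outside

! Verify from exec mode (not config mode) before and after the change:
!   packet-tracer input outside udp 1.1.1.2 500 203.0.113.10 500
! A drop by the ACL is logged as %ASA-4-106023 (Deny ... by access-group "OUTSIDE_IN").
```

Two caveats a practitioner should weigh. First, because all three devices sit on one /24 behind an unmanaged switch, the ISP router delivers the partner's replies straight to 1.1.1.2 without touching the ASA; the ASA only ever sees the outbound half of the tunnel, so it is not providing stateful inspection of that flow, only a one-way ACL. Second, the "bypass" the original poster asks for is simply a route on our router for the partner peer via 1.1.1.3 instead of 1.1.1.1, which is exactly the "router only, no access list needed" case in the last reply.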
