05-17-2007 11:46 PM - edited 02-21-2020 01:31 AM
Hi,
I would like to use an ASA (7.2) as the DG for clients on a single subnet site. The site does not have a router that I have access to. However, the site also has a dedicated circuit connected to the LAN allowing access to several remote sites. However, I have no control of the router.
I would like to add routes on the inside interface of the ASA directing selected traffic to the router.
However, despite setting same-security-traffic inter-interface, I still have problems. Despite explicitly allowing the traffic, I see the following syslog messages.
106015|LAN_IP|REMOTE_IP|Deny TCP (no connection) from LAN_IP/3422 to REMOTE_IP/80 flags RST on interface Inside
My questions are -
1) Is what I'm trying to do possible?
2) If yes, what do I need to do to enable it?
Cheers
Andy
05-18-2007 01:14 PM
I have been told this is very difficult to do. Supposedly, you can make the ASA route "in and out" of the same interface but it's difficult and not recommended. It's much better to have a router or layer-3 switch internally and have the clients use that as their DG.
05-18-2007 04:20 PM
It is intra-interface, not inter-interface, to allow traffic in and out of the same interface. Inter is for traffic between interfaces with the same security level.