Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
5
Replies

Routing question in ASA 5500!

cisco7889
Level 1
Level 1

‎12-06-2005 02:46 AM - edited ‎02-21-2020 12:34 AM

Hello!

I have a question about routing function in ASA 5500. scenario: The asa (inside int 192.168.1.1) acts default gateway for all inside nodes. We have also another network on the inside (192.168.2.0), can the asa route traffic to this net via only the inside interface (192.168.1.1) i know that the pix dose NOT support this routing scenario, will the asa do it??

Regards /Jonny

0 Helpful
5 Replies 5

jackko
Level 7
Level 7

‎12-06-2005 05:27 AM

you may give the command "same-security-traffic permit intra-interface" a go.

however, according to the command reference, it supports ipsec packets only: "Permits communication in and out of the same interface when traffic is IPSec protected."

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00804527dc.html#wp1002608

0 Helpful

watson.daniel
Level 1
Level 1
In response to jackko

‎02-01-2006 02:41 PM

No that didn't work

0 Helpful

sachinraja
Level 9
Level 9
In response to watson.daniel

‎02-02-2006 08:23 AM

Not sure if this will work for IP traffic !!! you can either create a seperate vlan on the PIX for this and route between interfaces or use some other layer 3 device to redirect the traffic... as Jacko said, this might work well for IPSEC traffic....

hope this helps...

Raj

0 Helpful

jackko
Level 7
Level 7
In response to jackko

‎02-03-2006 04:12 PM

i did test the command "same-security-traffic permit intra-interface" and it will not work with any traffic other than crypto traffic.

0 Helpful

timdeadman
Level 1
Level 1

‎02-03-2006 02:38 AM

Jonny,

We have done this by using sub-interfaces, but assuming you have only the 192.168.1.x network connected to the ASA, you can add a static route to point 192.168 2.x packets to the router connecting the two interfaces.

Cheers

Tim

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card