I have a question about the routing function in the ASA 5500. Scenario: the ASA (inside int 192.168.1.1) acts as the default gateway for all inside nodes. We also have another network on the inside (192.168.2.0). Can the ASA route traffic to this net via only the inside interface (192.168.1.1)? I know that the PIX does NOT support this routing scenario; will the ASA do it?
You may give the command "same-security-traffic permit intra-interface" a go.
However, according to the command reference, it supports IPsec packets only: "Permits communication in and out of the same interface when traffic is IPSec protected."
Not sure if this will work for IP traffic! You can either create a separate VLAN on the PIX for this and route between interfaces, or use some other layer 3 device to redirect the traffic. As Jacko said, this might work well for IPsec traffic.
Hope this helps...
I did test the command "same-security-traffic permit intra-interface" and it will not work with any traffic other than crypto traffic.
We have done this by using sub-interfaces, but assuming you have only the 192.168.1.x network connected to the ASA, you can add a static route to point 192.168.2.x packets to the router connecting the two interfaces.