12-06-2005 02:46 AM - edited 02-21-2020 12:34 AM
Hello!
I have a question about the routing function in the ASA 5500. Scenario: the ASA (inside int 192.168.1.1) acts as default gateway for all inside nodes. We also have another network on the inside (192.168.2.0). Can the ASA route traffic to this net via only the inside interface (192.168.1.1)? I know that the PIX does NOT support this routing scenario; will the ASA do it?
Regards /Jonny
12-06-2005 05:27 AM
You may give the command "same-security-traffic permit intra-interface" a go.
However, according to the command reference, it supports IPsec packets only: "Permits communication in and out of the same interface when traffic is IPSec protected."
02-01-2006 02:41 PM
No, that didn't work.
02-02-2006 08:23 AM
Not sure if this will work for IP traffic! You can either create a separate VLAN on the PIX for this and route between interfaces, or use some other layer 3 device to redirect the traffic. As Jacko said, this might work well for IPsec traffic.
Hope this helps.
Raj
02-03-2006 04:12 PM
I did test the command "same-security-traffic permit intra-interface" and it will not work with any traffic other than crypto traffic.
02-03-2006 02:38 AM
Jonny,
We have done this by using sub-interfaces, but assuming you have only the 192.168.1.x network connected to the ASA, you can add a static route to point 192.168.2.x packets to the router connecting the two interfaces.
Cheers
Tim