11-15-2012 05:37 AM - edited 03-11-2019 05:23 PM
OK, the situation is that for a customer's WAN solution, instead of buying routers, the purchasing department bought ASAs (don't even get me started!). So I have 5 ASA 5505s for the branch offices and one 5510 for the Head Office. I am trying to get them to behave like routers and pass the traffic across. I set up a lab with a 5505 and the 5510 using an Ethernet cable for both Outside interfaces since the WAN links are going to be MetroEthernet Layer 2 anyway.
I tried static routes, dynamic routing, I followed examples from other persons who did it and it doesn't work. I attached the configs here to show I have the default routes, specific static routes pointing the traffic out, any any rules configured as well. I cannot ping from the internal LAN of the 5505 to the internal LAN of the 5510. It may be something silly I am missing or not doing. Can someone please assist? Below is the setup.
11-15-2012 08:30 AM
OK. Figured it out. The problem is twofold:
1. Ensure that the correct license is on the box. I had the base license on the 5505s, which means that I could not use multiple VLANs/sub interfaces.
2. The ability for the box to pass traffic from one interface of the same security level to another of the same security level has to be configured using the line:
(config)#same-security-traffic permit intra-interface
Then the security policies have to be defined to let specific traffic from the inside and outside defined networks pass. This has to be amended to include ICMP traffic since by default it does not allow it.
Whew..Solved it!
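The steps from the post above, written out as a branch-side configuration sketch. This is an added example, not the poster's attached config: the addressing, the ACL name `OUTSIDE_IN` and the ASA 8.x syntax are assumptions, and it assumes no NAT rules apply between the two sites.

```cisco
! Branch ASA 5505. Constructed addressing for illustration:
!   branch LAN 192.168.10.0/24, head-office LAN 192.168.20.0/24,
!   Layer 2 WAN link 10.0.0.0/30 (branch .1, head office .2)
!
! Step 1: confirm the license before configuring extra VLANs
!   show activation-key
!
! Step 2: the command quoted in the post. It permits traffic to enter
! and leave the SAME interface.
same-security-traffic permit intra-interface
! Sibling form, needed only when two DIFFERENT interfaces share a
! security level:
same-security-traffic permit inter-interface
!
! Static route to the head-office LAN through the peer ASA
route outside 192.168.20.0 255.255.255.0 10.0.0.2
!
! Step 3: permit only the defined remote network inbound on outside,
! rather than "any any". ICMP is listed explicitly because it is not
! allowed through by default.
access-list OUTSIDE_IN extended permit icmp 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 echo
access-list OUTSIDE_IN extended permit icmp 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 echo-reply
! Add further permit lines here for each application flow that is
! actually required between the sites.
access-group OUTSIDE_IN in interface outside
!
! Verification from the CLI (constructed host addresses):
!   show running-config same-security-traffic
!   show access-list OUTSIDE_IN
!   packet-tracer input inside icmp 192.168.10.10 8 0 192.168.20.10
```

The hit counters in `show access-list` and the phase-by-phase result of `packet-tracer` show which rule allowed or dropped the test packet, which makes it possible to tighten the rule set without guessing.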