Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

ASAv in AWS cannot route on outside interface

Level 1
Level 1



We are setting up an ASAv in AWS and have management access to it but no matter what we try on the ASAv and AWS config we cannot get traffic to route successfully from the ASAv outside interface to the Internet .


The setup so far is that we successfully created the instance, allocated a day0 config and have management (ASDM and ssh) access to the ASAv via an Elastic IP allocated to the management interface, with the management interface set up as -

interface Management0/0
nameif management
security-level 100
ip address dhcp setroute


We have added inside and outside interfaces, allocated them addresses in the private and public subnets in AWS and at the moment allowed all traffic on the outside interface.  another Elastic IP is configured on the outside interface. The routing table in AWS has been set on the outside subnet that the ASAv's outside interface is in and the ARP table shows a mac address for the AWS gateway at when Our outside interface is  With packet captures and ASDM logging we can see traffic arrive on the outside interface and see the ASAv responding and sending traffic back, but that traffic never reaches the internet destination.


The outside interface is configured as follows with the route -



interface GigabitEthernet0/1

 description *** Internet service – AWS Public subnet and Elastic IP ***

 nameif outside

 security-level 0

 ip address

 no shut


route outside 1


as mentioned we have taken packet traces and can see internet traffic directed at the Elastic IP reaching the ASAv's outside interface and being responded to, but that traffic never gets back to the internet destination.


Would really appreciate any help as am completely stuck on this at the moment,




Who Me Too'd this topic