Send to other gateway in the inside network

RafaelAguilar · ‎04-12-2019

Hello everyone,

I have a very specific scenario here. We have two gateways in my internal LAN, the two are currently linux and I plan to migrate one of them to an ASA 5506.

The problem is: I have a situation that I need to push a connection between the two without changing the network clients.

The gateways are 192.168.1.1 and 192.168.1.2;

The machines are configured to have 192.168.1.1 as the gateway;

The final destination is 10.0.0.1 and is accessible by both gatways.

In linux I can change by doing at the gateway 192.168.1.1 like this: A route rule, with the gatway being 192.168.1.2 and a NAT rule changing the source to 192.168.1.1.

My question is, is there any way to do this on ASA? When I try to make the NAT rule the ASA gives me an error because the NAT source and destination are the internal card.

nat (any,inside) 6 source dynamic any interface destination static TerminalEXT TerminalEXT

nat (any,inside) 6 source dynamic any interface destination static TerminalEXT T ^erminalEXT

ERROR: % Invalid input detected at '^' marker.

joseph.h.nguyen · ‎04-12-2019

You can use hairpin/u-turn technique on your ASA. Read the introduction from https://community.cisco.com/t5/security-documents/hairpin-u-turn-traffic-off-an-interface-on-an-asa-running-8-3-or/ta-p/3129668.

For future improvement, you may want to use DHCP server to enable you the flexibility to make mass changes across network clients if you want.