Core issue
One-arm routing does not work with the ASA 5500.
Resolution
One-arm routing is not supported in Adaptive Security Appliance (ASA)/PIX Firewall versions earlier than 7.2, because those versions cannot send traffic back out of the interface on which it was received.
In PIX/ASA version 7.2, this functionality requires Network Address Translation (NAT)/Port Address Translation (PAT) to mask the source address and ensure that the traffic is not asymmetric.
Issue the same-security-traffic command, but with the inter-interface argument, to permit communication between interfaces that have the same security level. The intra-interface argument permits traffic to enter and leave through the same interface, which is the behavior one-arm routing relies on. This feature is not specific to IPSec connections. The command syntax is same-security-traffic permit {inter-interface | intra-interface}.
This example shows how to enable intra-interface traffic:
hostname(config)# same-security-traffic permit intra-interface
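The two requirements above (intra-interface traffic plus NAT/PAT to mask the source) combined into one configuration, as an added example that is not part of the original article. The interface name inside, the router at 192.168.1.254, and both subnets are constructed values; the nat/global pairing is the NAT syntax used by version 7.2.

```text
! Constructed topology (assumption, not from the article):
!   hosts     192.168.1.0/24, default gateway = ASA "inside" interface
!   router    192.168.1.254 on the same segment, leading to 10.20.0.0/16
!
! 1. Allow a packet to leave through the interface it arrived on.
hostname(config)# same-security-traffic permit intra-interface
!
! 2. Send traffic for the remote subnet back out "inside" to the router.
hostname(config)# route inside 10.20.0.0 255.255.0.0 192.168.1.254
!
! 3. PAT the local hosts to the ASA inside interface address when they
!    hairpin. Replies are then addressed to the ASA, not to the host,
!    so both directions of the flow cross the ASA (no asymmetry).
hostname(config)# nat (inside) 1 192.168.1.0 255.255.255.0
hostname(config)# global (inside) 1 interface
!
! 4. Confirm the setting is present and that translations are built
!    once a host opens a connection to the remote subnet.
hostname# show running-config same-security-traffic
hostname# show xlate
```

Without step 3, the router would deliver replies straight to the host on the shared segment, and the ASA would see only one direction of each connection.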
Product Family
ASA Hardware & Software
ASA Models
ASA 5500
Features & Tasks
One Arm Configuration