08-22-2014 08:35 AM - edited 03-07-2019 08:29 PM
Hi,
We have an ASA 5505 set up at a client site and have just installed a new VoIP system. The phones/telco server are on VLAN200 at 10.20.6.0/24, computers on VLAN1 at 172.20.6.0/24.
We need to be able to route traffic from VLAN1 to VLAN 200. I went ahead and added a static route for all phone network traffic to hit .254 (phone server) as gateway to the telco network:
route inside 10.20.6.0 255.255.255.0 172.20.6.254 1
I am having trouble getting the proper ACL in place to support this; currently any traffic from VLAN1 to VLAN200 is getting denied:
%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)
Any help in putting together the ACLs for this would be greatly appreciated!
Thanks!
08-22-2014 09:12 AM
I am not sure that this is really an ACL issue. It looks like the traffic arrives on interface inside and should forward out interface inside. By default the ASA does not want to forward traffic out the same interface that it arrived on. Try this command and see if things work better:
same-security-traffic permit intra-interface
HTH
Rick
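A triage sketch for the symptom in this thread, added here as an example and not part of any post: it parses %ASA-3-106014 messages and flags denies whose source and destination interface are the same, which points at intra-interface (hairpin) forwarding rather than a missing ACL entry. Only the first sample line comes from the thread; the other sample lines and the function names are constructed.

```python
import re
from collections import Counter

# %ASA-3-106014: Deny inbound icmp src <if>:<ip> dst <if>:<ip> (type N, code N)
DENY_ICMP = re.compile(
    r"%ASA-3-106014: Deny inbound icmp "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>\S+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>\S+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\)"
)

def parse_deny(line):
    """Return the fields of a 106014 message as a dict, or None if no match."""
    m = DENY_ICMP.search(line)
    return m.groupdict() if m else None

def hairpin_denies(lines):
    """Count denied flows that enter and would leave on the same interface."""
    hits = Counter()
    for line in lines:
        rec = parse_deny(line)
        # Same ingress and egress interface: the ASA drops this by default
        # unless intra-interface forwarding has been permitted.
        if rec and rec["src_if"] == rec["dst_if"]:
            hits[(rec["src_if"], rec["src_ip"], rec["dst_ip"])] += 1
    return hits

# Sample input. Line 1 is the message quoted in the thread; the rest are constructed.
SAMPLE = [
    "%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)",
    "%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)",
    "%ASA-3-106014: Deny inbound icmp src inside:172.20.6.180 dst inside:10.20.6.254 (type 8, code 0)",
    "%ASA-3-106014: Deny inbound icmp src outside:192.0.2.10 dst inside:172.20.6.172 (type 8, code 0)",
    "%ASA-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/443 "
    "(192.0.2.10/443) to inside:172.20.6.172/51000 (172.20.6.172/51000)",
]

if __name__ == "__main__":
    for (ifname, src, dst), count in hairpin_denies(SAMPLE).items():
        print(f"{count}x same-interface deny on '{ifname}': {src} -> {dst}")
```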
08-22-2014 11:45 AM
Hey Rich,
You are the best, that was it. Was driving me nuts!
Have a great weekend!
Regards,
Jon
08-22-2014 12:13 PM
Jon
I am glad that my suggestion did turn out to solve your problem. Thanks for posting back to the forum to confirm that this was the issue.
HTH
Rick