ASA ACL for new Route

jonathanbruck
Level 1

Hi,

We have an ASA 5505 set up at a client site and have just installed a new VoIP system. The phones/telco server are on VLAN200 at 10.20.6.0/24, computers on VLAN1 at 172.20.6.0/24.

We need to be able to route traffic from VLAN1 to VLAN200. I went ahead and added a static route for all phone network traffic to hit .254 (phone server) as gateway to the telco network:


route inside 10.20.6.0 255.255.255.0 172.20.6.254 1

I am having trouble getting the proper ACL in place to support this; currently any traffic from VLAN1 to VLAN200 is getting denied:

%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)

Any help in putting together the ACLs for this would be greatly appreciated!

Thanks!

Richard Burts
Hall of Fame

I am not sure that this is really an ACL issue. It looks like the traffic arrives on interface inside and should forward out interface inside. By default the ASA does not want to forward traffic out the same interface that it arrived on. Try this command and see if things work better:

same-security-traffic permit intra-interface

HTH

Rick
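
The diagnosis in the reply above can be checked mechanically. The following is an added example, not part of any poster's reply: it matches 106014 deny lines against the static routes and flags denies where the packet would leave on the interface it arrived on. The function names, verdict labels and the second log line are assumptions made for illustration; the route and first log line are the ones quoted in the question.

```python
import ipaddress
import re

# Constructed sample input: the route and first log line are quoted in the
# thread; the second log line (outside source) is invented for contrast.
CONFIG = "route inside 10.20.6.0 255.255.255.0 172.20.6.254 1\n"
LOGS = (
    "%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 "
    "dst inside:10.20.6.254 (type 8, code 0)\n"
    "%ASA-3-106014: Deny inbound icmp src outside:198.51.100.7 "
    "dst inside:172.20.6.10 (type 8, code 0)\n"
)
HAIRPIN_CMD = "same-security-traffic permit intra-interface"
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)", re.M)
DENY_RE = re.compile(
    r"%ASA-3-106014: Deny inbound icmp src ([^:\s]+):(\S+) dst ([^:\s]+):(\S+)")


def parse_routes(config):
    """Return (interface, network, next_hop) for each static route line."""
    return [(ifc, ipaddress.ip_network(f"{net}/{mask}"), gw)
            for ifc, net, mask, gw in ROUTE_RE.findall(config)]


def egress_route(dst_ip, routes):
    """Longest-prefix match of dst_ip against the routes, or None."""
    hits = [r for r in routes if ipaddress.ip_address(dst_ip) in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)


def triage(logs, config):
    """Label each deny as a same-interface (hairpin) case or something else."""
    routes = parse_routes(config)
    permitted = HAIRPIN_CMD in config
    findings = []
    for src_if, src_ip, dst_if, dst_ip in DENY_RE.findall(logs):
        route = egress_route(dst_ip, routes)
        hairpin = src_if == dst_if and route is not None and route[0] == src_if
        if not hairpin:
            verdict = "other"
        elif permitted:
            verdict = "hairpin-already-permitted"
        else:
            verdict = "hairpin-blocked"
        findings.append((src_ip, dst_ip, verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(LOGS, CONFIG):
        print(finding)
```

A "hairpin-blocked" verdict points at the intra-interface setting rather than at an access list, which is the case described in this thread.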


Hey Rich,

You are the best, that was it.  Was driving me nuts!

Have a great weekend!

Regards,

Jon

I am glad that my suggestion did turn out to solve your problem. Thanks for posting back to the forum to confirm that this was the issue.

HTH

Rick
