ASA ACL for new Route

Hi,

 

We have an ASA 5505 set up at a client site and have just installed a new VoIP system.  The phones/telco server are on VLAN200 at 10.20.6.0/24, computers on VLAN1 at 172.20.6.0/24.

 

We need to be able to route traffic from VLAN1 to VLAN 200.  I went ahead and added a static route for all phone network traffic to hit .254 (phone server) as gateway to the telco network:


route inside 10.20.6.0 255.255.255.0 172.20.6.254 1

 

I am having trouble getting the proper ACL in place to support this, currently any traffic from VLAN1 to VLAN200 is getting denied:

%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)

 

Any help in putting together the ACLs for this would be greatly appreciated!

 

Thanks!

 


 

3 REPLIES

I am not sure that this is really an ACL issue. It looks like the traffic arrives on interface inside and should forward out interface inside. By default the ASA does not want to forward traffic out the same interface that it arrived on. Try this command and see if things work better

same-security-traffic permit intra-interface

 

HTH

Rick
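
Added example, not part of the original thread and not Cisco tooling: a Python triage for the case described in the reply above. It reads `route` lines and %ASA-3-106014 messages in the form shown in the question, and flags denies that enter and leave on the same interface while `same-security-traffic permit intra-interface` is absent from the configuration. The function names, the default route and the second log line are constructed for illustration, and the log is assumed to carry IPv4 addresses rather than names.

```python
import ipaddress
import re

# Message layout taken from the %ASA-3-106014 line in the original post.
DENY_RE = re.compile(
    r"%ASA-\d-106014: Deny inbound icmp src (?P<sif>[^:\s]+):(?P<sip>\S+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>\S+)")
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)", re.M)
HAIRPIN_CMD = "same-security-traffic permit intra-interface"

# Constructed sample: inside route and first log line are from the post.
SAMPLE_CONFIG = ("route outside 0.0.0.0 0.0.0.0 203.0.113.1 1\n"
                 "route inside 10.20.6.0 255.255.255.0 172.20.6.254 1\n")
SAMPLE_LOG = [
    "%ASA-3-106014: Deny inbound icmp src inside:172.20.6.172 dst inside:10.20.6.254 (type 8, code 0)",
    "%ASA-3-106014: Deny inbound icmp src outside:198.51.100.7 dst inside:172.20.6.10 (type 8, code 0)",
]


def best_route(config, dst):
    """Longest-prefix match of dst against the static routes in config."""
    routes = [(ifname, ipaddress.ip_network(f"{net}/{mask}"), gw)
              for ifname, net, mask, gw in ROUTE_RE.findall(config)]
    hits = [r for r in routes if dst in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)


def triage(config, log_lines):
    """Flag 106014 denies whose ingress and egress interface are the same."""
    allowed = any(ln.strip() == HAIRPIN_CMD for ln in config.splitlines())
    findings = []
    for line in log_lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        route = best_route(config, ipaddress.ip_address(m["dip"]))
        same_if = m["sif"] == m["dif"]
        findings.append({
            "src": m["sip"], "dst": m["dip"], "interface": m["sif"],
            # Next hop only when the matching route leaves via the logged egress.
            "next_hop": route[2] if route and route[0] == m["dif"] else None,
            "hairpin": same_if,
            "needs_intra_interface": same_if and not allowed,
        })
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_CONFIG, SAMPLE_LOG), sep="\n")
```

A deny with `hairpin` false is not explained by the intra-interface default and belongs to ordinary ACL and ICMP policy review.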

Hey Rich,

You are the best, that was it.  Was driving me nuts!

Have a great weekend!

Regards,

Jon


Jon

 

I am glad that my suggestion did turn out to solve your problem. Thanks for posting back to the forum to confirm that this was the issue.

 

HTH

Rick