10-24-2016 10:19 AM - edited 03-08-2019 07:54 AM
Hi,
I'm having a hard time understanding a piece of existing configuration that exists in one of my customer’s networks.
The PC (10.0.0.10) is able to reach the server on IP Address 192.168.30.100 over the L2L Tunnel even though the only reference 'Cisco ASA 3' has to the subnet is a static route and a static NAT rule.
The Communication Works both ways, both devices can initiate a session.
Is there someone smarter than me who can point me in the right direction on what's going on here? I'd like to read up on it; is this type of configuration called something in particular?
Regards,
Tony Curk
Solved! Go to Solution.
10-24-2016 10:54 AM
ASA2 (172.16.0.254) sends the packets destined to 192.168.30.100 to the Switch (172.16.0.1).
The switch then forwards that packet to ASA3 (172.16.0.100). This is because it's got a more precise /32 static route over the /24 connected route. The length of the route makes the difference here.
CF
10-24-2016 10:37 AM
When the traffic from PC to Server hits the ASA3 with a destination IP of 192.168.30.100, the following events happen:
1) If the ACL permits traffic from the outside interface to inside interface, then the destination IP will be NATed to 10.20.30.100/32
2) Then ASA will try to route the packet. ASA has a connected interface in that VLAN: 10.20.30.0/24. So ASA will ARP for that IP 10.20.30.100 and then will send the packet directly to that server.
CF
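To make the two answers above concrete (the switch's longest-prefix match and ASA3's ACL, static NAT and route steps), here is an added Python model that is not part of the thread. The IP addresses come from the posts; the switch's default route, ASA3's outside ACL entry and the exact prefix lengths of the connected subnets are assumptions.

```python
import ipaddress

# Constructed routing data modelled on the thread's topology.
# Addresses are from the posts; the default routes and the ACL entry are assumed.

def longest_prefix_match(routes, dst):
    """Return (network, next_hop) for the most specific route covering dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        # A longer prefix wins even when a shorter connected route also matches.
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

# Switch (172.16.0.1): connected /24 plus the /32 static host route towards ASA3.
SWITCH_ROUTES = [
    ("172.16.0.0/24", "connected"),          # the switch's own VLAN
    ("192.168.30.100/32", "172.16.0.100"),   # static host route -> ASA3
    ("0.0.0.0/0", "172.16.0.254"),           # assumed default route via ASA2
]

# ASA3 (172.16.0.100): static NAT entry (mapped -> real) and its connected inside subnet.
ASA3_STATIC_NAT = {"192.168.30.100": "10.20.30.100"}
ASA3_ROUTES = [
    ("10.20.30.0/24", "connected"),          # server VLAN, reached by ARP
    ("0.0.0.0/0", "172.16.0.254"),           # assumed default route
]
# Assumed permit entry on the outside interface: (source prefix, destination prefix).
ASA3_OUTSIDE_ACL = [("10.0.0.0/24", "192.168.30.100/32")]

def acl_permits(acl, src, dst):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in acl)

def asa3_forward(src, dst):
    """Apply the order the answer describes: ACL check, destination NAT, then route lookup."""
    if not acl_permits(ASA3_OUTSIDE_ACL, src, dst):
        return ("dropped", None, None)
    real_dst = ASA3_STATIC_NAT.get(dst, dst)
    route = longest_prefix_match(ASA3_ROUTES, real_dst)
    return ("forwarded", real_dst, route[1] if route else None)
```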
10-24-2016 10:48 AM
But what happens in the Switch? Isn't a local connected subnet preferred before a host route?
//T
10-24-2016 10:58 AM
So it's that easy...
I would have added an interface in Subnet_B on the Firewall. Never figured you could do NAT for non-connected subnets in the ASA.
10-24-2016 11:05 AM
Yes!
Please mark this thread as closed if all your queries are cleared.
CF