Re: routing without a Gateway

ehuarte · ‎09-27-2007

Hi:

I have diferents VLANS interconnected trough a 6506 and an ASA5520 (for the DMZ).

In a DMZ VLAN port of a 3560 I have a machine that hasn't got Gateway. The IP default-gateway is for the rest VLAN's in the inside.

What can I do to connect this machine with http from the inside?

Can you help me?

Thanks. Regards.

jasonbiel · ‎09-27-2007

A system in the DMZ vlan should be using the DMZ interface ip of the ASA for its gateway.

ehuarte · ‎09-27-2007

Yes, it's true.

But the thing is that this equipment; an air conditioning equipment with a network interface, I can't configure a gateway.

I only can configure an IP, Mask, and that's all.

So if I want to access through HTTP from the "inside", how I route the answer ? (without a gateway)

Thanks. Regards.

jasonbiel · ‎09-27-2007

If you want to access this device via HTTP across the inside interface of the ASA, you need to make sure there no are ACLs limiting traffic to / from your inside interface to the DMZ and vice versa.

paul.matthews · ‎09-27-2007

Two suggestions. Set the mask wide and enable proxy arp on the local routing interface.

Alternatively, configure NAT such that any connections coming in for this device appear to be on the local subnet.

Neither of these are great, but they may just give you connectivity.

Danilo Dy · ‎09-27-2007

Edit: Paul already mentioned NAT :)

paul.matthews · ‎09-27-2007

No problem - more people suggesting the same thing adds weight