Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1875
Views
0
Helpful
1
Replies

ASA "route inside 0 0 192.168.1.1 tunneled" interface ACL question

Go to solution
dncainfrastructure
Level 1
Level 1

‎09-12-2013 06:49 PM

Hi,

Quick question around the route inside 0.0.0.0 0.0.0.0 192.168.1.2 tunneled command.

Do you need to add any u-turn traffic to the inside interfaces ACL (eg internet bound http traffic) or does "same-security-traffic permit intra-interface" negate the need for this?

So if my remote vpn site on the outside is 10.1.1.0/24 do I need to add incoming permit statements for the 10.1.1.0/24 on my inside interface.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Koltl
Level 7
Level 7

‎09-14-2013 03:33 PM

same-security-traffic permit intra-interface  allows ingress-then-egress traffic on a single interface

incoming permit 10.1.1.0/24 statement in the ACL   allows (egress-then-)ingress traffic on a single interface, but you need to disable RPF check

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Peter Koltl
Level 7
Level 7

‎09-14-2013 03:33 PM

same-security-traffic permit intra-interface  allows ingress-then-egress traffic on a single interface

incoming permit 10.1.1.0/24 statement in the ACL   allows (egress-then-)ingress traffic on a single interface, but you need to disable RPF check

0 Helpful
Customers Also Viewed These Support Documents