[c-nsp] ASA Routing Problem

Paul Stewart paul at paulstewart.org
Tue Jan 16 13:12:30 EST 2007


Hi there...

Hoping an "ASA expert" or PIX guy could answer this... I ran across this
before, searched the list archives and can't find the easy way to do
this...;)

We have an ASA5520 firewall with three GigE interfaces (one outside, one
data, and one voice)... I want to see traffic between the voice and data
subnets but cannot at this point... I'm sure it's something simple?? ;)

interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address xxx.xxx.xxx.179 255.255.255.240
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address 192.192.61.224 255.255.255.0
!
interface GigabitEthernet0/2
 nameif voice
 security-level 100
 ip address 172.16.254.1 255.255.255.0

access-list ANY extended permit ip any any
access-list ANY extended permit icmp any any

mtu Outside 1500
mtu Inside 1500
mtu management 1500
mtu voice 1500

ip verify reverse-path interface Outside
ip verify reverse-path interface Inside

nat-control
global (Outside) 10 interface
nat (Inside) 10 0.0.0.0 0.0.0.0 dns
nat (voice) 10 0.0.0.0 0.0.0.0 dns
access-group ANY in interface Outside
access-group ANY out interface Outside
access-group ANY in interface Inside
access-group ANY out interface Inside
access-group ANY in interface voice
access-group ANY out interface voice

route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.177 1

Thanks,

Paul Stewart


