[c-nsp] ASA Routing Problem
Brian Desmond
brian at briandesmond.com
Tue Jan 16 13:22:15 EST 2007
Paul-
Either apply that any/any ACL to your Inside and voice interfaces, or
use the "same-security-traffic permit inter-interface" command on the
pix.
Thanks,
Brian Desmond
brian at briandesmond.com
c - 312.731.3132
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
> Sent: Tuesday, January 16, 2007 1:13 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ASA Routing Problem
>
> Hi there...
>
> Hoping an "ASA expert" or PIX guy could answer this... I ran across this
> before, searched the list archives and can't find the easy way to do
> this...;)
>
> We have an ASA5520 firewall with three GigE interfaces (one outside, one
> data, and one voice).... I want to see traffic between the voice and data
> subnets but cannot at this point.... I'm sure it's something simple?? ;)
>
> interface GigabitEthernet0/0
> nameif Outside
> security-level 0
> ip address xxx.xxx.xxx.179 255.255.255.240
> !
> interface GigabitEthernet0/1
> nameif Inside
> security-level 100
> ip address 192.192.61.224 255.255.255.0
> !
> interface GigabitEthernet0/2
> nameif voice
> security-level 100
> ip address 172.16.254.1 255.255.255.0
>
> access-list ANY extended permit ip any any
> access-list ANY extended permit icmp any any
>
> mtu Outside 1500
> mtu Inside 1500
> mtu management 1500
> mtu voice 1500
>
> ip verify reverse-path interface Outside
> ip verify reverse-path interface Inside
>
> nat-control
> global (Outside) 10 interface
> nat (Inside) 10 0.0.0.0 0.0.0.0 dns
> nat (voice) 10 0.0.0.0 0.0.0.0 dns
> access-group ANY in interface Outside
> access-group ANY out interface Outside
> access-group ANY in interface Inside
> access-group ANY out interface Inside
> access-group ANY in interface voice
> access-group ANY out interface voice
>
> route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.177 1
>
> Thanks,
>
> Paul Stewart
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
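
An added example, not part of either message: a short Python check for the condition the second option in the reply addresses. An ASA does not pass traffic between two interfaces that share a security level unless `same-security-traffic permit inter-interface` is configured. The function names and the trimmed sample configuration are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample, trimmed from the configuration quoted in the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
!
interface GigabitEthernet0/2
 nameif voice
 security-level 100
"""

PERMIT = "same-security-traffic permit inter-interface"


def parse_interfaces(config):
    """Return {nameif: security-level} for every named interface (hypothetical helper)."""
    levels, name = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None  # a new interface block starts; forget the previous nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels


def blocked_pairs(config):
    """Interface pairs at the same security level while the permit line is absent."""
    lines = {l.strip() for l in config.splitlines()}
    if PERMIT in lines:
        return []
    levels = parse_interfaces(config)
    pairs = combinations(sorted(levels), 2)
    return [p for p in pairs if levels[p[0]] == levels[p[1]]]


if __name__ == "__main__":
    for a, b in blocked_pairs(SAMPLE_CONFIG):
        print(f"{a} <-> {b}: equal security level, inter-interface permit missing")
```

Run against a saved `show running-config`, it lists every interface pair that would be affected, which is useful before deciding between enabling the command globally and giving the interfaces distinct security levels.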