[c-nsp] ASA Routing Problem

Eric Girard egirard at focustsi.com
Tue Jan 16 13:22:45 EST 2007


Paul,
The same-security-traffic inter-interface command would be a
good place to start.  There is also a checkbox in the ASDM on the
interface page, I believe.

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f0fb.html#wp1289167


Eric

Eric Girard
Systems Engineer
Focus Technology Solutions Inc.
http://www.focustsi.com
Phone: (603)766-0000 x 215
Direct:  (617)938-6215
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Tuesday, January 16, 2007 1:13 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA Routing Problem

Hi there...

Hoping an "ASA expert" or PIX guy could answer this... I ran across this
before, searched the list archives and can't find the easy way to do
this...;)

We have an ASA5520 firewall with three GigE interfaces (one outside, one
data, and one voice)....   I want to see traffic between the voice and
data subnets but cannot at this point.... I'm sure it's something
simple?? ;)

interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address xxx.xxx.xxx.179 255.255.255.240
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address 192.192.61.224 255.255.255.0
!
interface GigabitEthernet0/2
 nameif voice
 security-level 100
 ip address 172.16.254.1 255.255.255.0

access-list ANY extended permit ip any any
access-list ANY extended permit icmp any any

mtu Outside 1500
mtu Inside 1500
mtu management 1500
mtu voice 1500

ip verify reverse-path interface Outside
ip verify reverse-path interface Inside

nat-control
global (Outside) 10 interface
nat (Inside) 10 0.0.0.0 0.0.0.0 dns
nat (voice) 10 0.0.0.0 0.0.0.0 dns
access-group ANY in interface Outside
access-group ANY out interface Outside
access-group ANY in interface Inside
access-group ANY out interface Inside
access-group ANY in interface voice
access-group ANY out interface voice

route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.177 1

Thanks,

Paul Stewart
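
An added example, not part of the original thread: a Python check that parses interface stanzas like those posted above and reports interface pairs that share a security level while `same-security-traffic permit inter-interface` is absent, the condition the reply points to. The sample text is constructed from the posted configuration with a documentation address standing in for the masked outside address, and the function names are this example's own.

```python
import re
from itertools import combinations

# Constructed sample: posted stanzas, masked address replaced (assumption).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 192.0.2.179 255.255.255.240
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address 192.192.61.224 255.255.255.0
!
interface GigabitEthernet0/2
 nameif voice
 security-level 100
 ip address 172.16.254.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each nameif to its security level (nameif precedes the level)."""
    levels, in_iface, name = {}, False, None
    for line in config.splitlines():
        if not line.startswith(" "):  # an unindented line starts a new block
            in_iface, name = line.startswith("interface "), None
            continue
        words = line.split()
        if in_iface and len(words) == 2:
            if words[0] == "nameif":
                name = words[1]
            elif words[0] == "security-level" and name:
                levels[name] = int(words[1])
    return levels

def blocked_pairs(config):
    """Same-level interface pairs the ASA will not forward between."""
    if re.search(r"^same-security-traffic permit inter-interface\s*$", config, re.M):
        return []
    levels = parse_interfaces(config)
    return sorted(tuple(sorted(pair)) for pair in combinations(levels, 2)
                  if levels[pair[0]] == levels[pair[1]])

if __name__ == "__main__":
    for a, b in blocked_pairs(SAMPLE_CONFIG):
        print(f"{a} <-> {b}: same security level, inter-interface not permitted")
```

Access lists are deliberately not consulted: traffic between interfaces at the same security level is dropped by default regardless of any permit entries bound to them.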
