[c-nsp] ASA and redirects?

Patrick Vanderstocken patrhak at gmail.com
Tue Jul 17 09:38:49 EDT 2007


I think the intra-interface argument applies only to incoming VPN
connections that need to send encrypted or unencrypted traffic back
through the same interface.

inter-interface on the other hand is not specific to VPN connections.

I don't think it is allowed to redirect traffic by having hosts
pointing first to the ASA and having the ASA routing the traffic back
to another gateway using the same interface...

Pat

On 7/17/07, Sven Juergensen (KielNET) <s.juergensen at kielnet.de> wrote:
> Hi list,
>
> is it possible to set the ASA to
> allow ICMP redirects? The
> same-security-traffic permit intra-interface
> including routes and policies doesn't
> really help: traffic gets either denied
> or the portmap translation creation failed.
>
> Is it possible to route/redirect through a
> single interface at all?
>
> Thanks and best regards,
>
> sven03
>
> --
> Mit freundlichen Gruessen
>
> i. A. Sven Juergensen
>
> Fachbereich
> Informationstechnologie
>
> KielNET GmbH
> Gesellschaft fuer Kommunikation
> Preusserstr. 1-9, 24105 Kiel
>
> Telefon : 0431 / 2219-053
> Telefax : 0431 / 2219-005
> E-Mail  : s.juergensen at kielnet.de
> Internet: http://www.kielnet.de
>
> AS# 25295
> Key fingerprint:
> 65B6 90FC 010A 39CE DCA5  336D 9C45 3B7A B02D E132
>
> Geschaeftsfuehrer Eberhard Schmidt
> HRB 4499 (Amtsgericht Kiel)
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list