davidfretz

Using Cisco ASA to route between subnets

I have a Cisco ASA 5510 as our firewall/gateway, with inside interface 192.168.1.x. I have two clients that we host servers for, and they are connected to us through point-to-point T-1s and then share our internet access. Their subnets are 192.168.2.x and 192.168.3.x. Their connections terminate in our server room with routers that are configured with internal interfaces 192.168.1.100 and 192.168.1.150. I want to use the ASA as the default gateway, but I can't get it to route traffic from 192.168.1.x to 192.168.2.x or 192.168.3.x, even though I specify static routes:
route inside 192.168.2.0 255.255.255.0 192.168.1.100 1
route inside 192.168.3.0 255.255.255.0 192.168.1.150 1
Is it possible to route traffic this way with a single inside interface on the ASA? I'm thinking, from what I've read elsewhere, it may not be able to do this without another inside interface.
ASKER CERTIFIED SOLUTION
batry_boy
davidfretz

ASKER

Thanks to both of you for the input. I think another router is probably the best solution as well, based on what you are saying. The VLAN idea sounds like it would be interesting to try just for the experience since I've never really done anything with VLANs, but probably it sounds like it's not really the best solution. Right now I'm using our Windows SBS to route, but that's probably worse than the VLAN scenario as far as best practice goes. The ASA replaced an old Windows NT Checkpoint firewall that did everything, so that's why I'm faced with the issue.
Good luck with it!  You'll be much happier down the road with implementing an internal router.