Solved

Can the ASA redirect traffic to another device on same LAN?

Posted on 2008-11-01
Last Modified: 2012-05-05
Imagine three devices on the inside LAN of a Cisco ASA.  And there is a remote WAN site 10.1.2.0/24.  

A  10.1.1.1 is the ASA and is the gateway to the Internet.
B   10.1.1.5 is a Cisco 2811 router with a WAN connection to another site.
C   10.1.1.100 is a workstation - say a Windows PC.

Station C has a default gateway of 10.1.1.1 and pings 10.1.2.200.  Will the ASA station A direct the packet to the 2811 station B for delivery to the remote WAN site?  Or is it the case that a packet that enters an interface on an ASA cannot come back out to another device on the LAN?  Any reference would be appreciated.  Thank-you.
Question by:amigan_99

Accepted Solution

by:
batry_boy earned 250 total points
ID: 22858753
>>Station C has a default gateway of 10.1.1.1 and pings 10.1.2.200.  Will the ASA station A direct the packet to the 2811 station B for delivery to the remote WAN site?  Or is it the case that a packet that enters an interface on an ASA cannot come back out to another device on the LAN?

It is the latter case.  The packet will not come back out the same interface that it entered.  There is an exception to this rule, but it is for VPN traffic only, not for the type of traffic that you are talking about.  You need a true router to perform this type of routing.  You can always set the 2811 router as your default gateway for all of the 10.1.1.x hosts, but you may not want to do this in your scenario.

Author Comment

by:amigan_99
ID: 22858832
Thanks batry - I seemed to recall that was the case - as you describe.  The other option I have in this case is to make the 3750 switches route in addition to switching.  I purchased the enhanced image so that's likely what I will do when it's time to implement.

Author Closing Comment

by:amigan_99
ID: 31512367
Thank-you.