Solved

Can the ASA redirect traffic to another device on same LAN?

Posted on 2008-11-01
3
1,618 Views
Last Modified: 2012-05-05
Imagine three devices on the inside LAN of a Cisco ASA.  And there is a remote WAN site 10.1.2.0/24.  

A  10.1.1.1 is the ASA and is the gateway to the Internet.
B   10.1.1.5 is a Cisco 2811 router with a WAN connection to another site.
C   10.1.1.100 is a workstation - say a Windows PC.

Station C has a default gateway of 10.1.1.1 and pings 10.1.2.200.  Will the ASA station A direct the packet to the 2811 station B for delivery to the remote WAN site?  Or is it the case that a packet that enters
and interface on an ASA can not come back out to another device on the LAN?  Any reference would be appreciated.  Thank-you.
0
Comment
Question by:amigan_99
  • 2
3 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 250 total points
ID: 22858753
>>Station C has a default gateway of 10.1.1.1 and pings 10.1.2.200.  Will the ASA station A direct the packet to the 2811 station B for delivery to the remote WAN site?  Or is it the case that a packet that enters and interface on an ASA can not come back out to another device on the LAN?

It is the latter case.  The packet will not come back out the same interface that it entered.  There is an exception to this rule, but it is for VPN traffic only, not for the type of traffic that you are talking about.  You need a true router to perform this type of routing.  You can always set the 2811 router as your default gateway for all of the 10.1.1.x hosts, but you may not want to do this in your scenario.
0
 
LVL 1

Author Comment

by:amigan_99
ID: 22858832
Thanks batry - I seemed to recall that was the case - as you describe.  The other option I have in this case is to make the 3750 switches route in addition to switching.  I purchased enhanced image so that's likely what I will do when it's time to implement.
0
 
LVL 1

Author Closing Comment

by:amigan_99
ID: 31512367
Thank-you.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cost effective dual wan w/ qos 5 45
Using VMWare Snapshot as Cisco UCM backup method 3 45
cisco sg 200 trunking 4 26
How to setup 3 isps on a redundant mode? 3 30
How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question