<div>
I've seen this problem when the address of the ASA is used as the default gateway, instead of the internal router.<br />
<br />
The thing to remember here, is that the ASA is a firewall first, last, and always. &nbsp;It wants all traffic to be part of an established TCP session. &nbsp;Using it as a router breaks that paradigm.<br />
<br />
<br />
Session initiates: &nbsp;Host A -&gt; ASA -&gt; Router -&gt; Host B <br />
Traffic returns: &nbsp;Host B -&gt; Router -&gt; Host A<br />
Session blocked: &nbsp;Host A -&gt; ASA (is not aware of the established session)<br />
<br />
Or<br />
<br />
Session initiates: &nbsp;Host B -&gt; Router -&gt; Host A<br />
Return traffic blocked: &nbsp;Host A -&gt; ASA (Never saw the original SYN packet)<br />

</div>


<div>
Exactly, the information I needed, and quick! Thanks.
</div>


<div>
<div class="content wysiwyg-content">
I am trying to understand the ASA. I have seen two ASAs, a 5505 and a 5510, that block traffic when there are multiple subnets behind the internal interface. For example, the internal interface of the ASA is configured for 192.168.0.0/24. There is another router (192.168.0.254) on the subnet that acts as a gateway to another subnet, 192.168.1.0. It is possible to ping between subnets, but all other traffic fails. Why would this be? What information can I provide? All help is greatly appreciated.
</div>
</div>


I am trying to understand the ASA. I have seen two ASAs, a 5505 and a 5510, that block traffic when there are multiple subnets behind the internal interface. For example, the internal interface of the ASA is configured for 192.168.0.0/24. There is another router (192.168.0.254) on the subnet that acts as a gateway to another subnet, 192.168.1.0. It is possible to ping between subnets, but all other traffic fails. Why would this be? What information can I provide? All help is greatly appreciated.

Cisco ASA 5510 blocking internal traffic

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).