Cisco ASA 5505 and access list configuration

nobs used Ask the Experts™
I am currently connected to my branches via a router which has both internal and external interface, internal interface is, external interface, the other router is and the last one Only machines that can connect to these sites are those that have a gateway pointing to the internal interface of the router located at head office.

I currently have an ASA 5505 which acts as a gateway to all internal clients, and can browse the internet but cannot access anything on the with the gateway, unless i change it to but i wont be able to access the internet.

how do i allow  LAN via the ASA with the gateway of to access a those routers
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2009
You can't use the ASA for routing to the branch unless you disable TCP state checking (have to be running 8.2(1) or higher (there is other configuration in addition).

You can use the router as the default gateway for the head office and continue to use Internet by simply adding a default route to the router pointing to the ASA (

ip route

The best option is to have a layer3 switch at the head office that makes all the routing decisions.
Greetings, nobs!

JF is correct.  The ASA cannot route traffic sourced from clients on the inside interface to another network behind the same interface.  All hosts on the subnet should use as their gateway.  The router needs the route statement that JF provided above.  That should provide all hosts on the network the ability to communicate to the branches through the router and communicate outside through the ASA by way of the router.


The solution was enlightning. Thank you Guys now i can take this up with the service provider that provided me with VPN solution to remote sites

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial