Cisco ASA 5505 and access list configuration

nobs
I am currently connected to my branches via a router which has both internal and external interfaces. The internal interface is 10.0.1.1, the external interface is 192.168.0.0, the other router is 192.168.2.0 and the last one is 192.168.3.0. The only machines that can connect to these sites are those that have a gateway pointing to the internal interface of the router, 10.0.1.1, located at head office.

I currently have an ASA 5505 which acts as a gateway to all internal clients, and can browse the Internet but cannot access anything on the 192.168.0.0 with the 10.0.1.100 gateway, unless I change it to 10.0.1.1, but then I won't be able to access the Internet.
 

How do I allow the LAN via the ASA with the gateway of 10.0.1.100 to access those routers?
Top Expert 2009
Commented:
You can't use the ASA for routing to the branch unless you disable TCP state checking (you have to be running 8.2(1) or higher, and there is other configuration in addition).

You can use the router as the default gateway for the head office and continue to use Internet by simply adding a default route to the router pointing to the ASA (10.0.1.100).

ip route 0.0.0.0 0.0.0.0 10.0.1.100

The best option is to have a layer3 switch at the head office that makes all the routing decisions.
Commented:
Greetings, nobs!

JF is correct.  The ASA cannot route traffic sourced from clients on the inside interface to another network behind the same interface.  All hosts on the 10.0.1.0 subnet should use 10.0.1.1 as their gateway.  The 10.0.1.1 router needs the route statement that JF provided above.  That should provide all hosts on the 10.0.1.0 network the ability to communicate to the branches through the 10.0.1.1 router and communicate outside through the 10.0.1.100 ASA by way of the 10.0.1.1 router.
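
The routing behaviour described in the two answers above, modelled as an added example (not part of the original thread): it traces which head-office device forwards each direction of a flow for either choice of LAN gateway. The /24 masks, the hosts 10.0.1.50, 192.168.0.10 and 203.0.113.10, and an ASA route to the branches via 10.0.1.1 are assumptions.

```python
import ipaddress

# Constructed topology based on the thread; the /24 masks are assumptions.
LAN = ipaddress.ip_network("10.0.1.0/24")
BRANCHES = [ipaddress.ip_network(n) for n in
            ("192.168.0.0/24", "192.168.2.0/24", "192.168.3.0/24")]
ROUTER, ASA = "10.0.1.1", "10.0.1.100"

def is_branch(ip):
    return any(ip in net for net in BRANCHES)

def next_hop(device, dst):
    """Forwarding decision of one device; None means it delivers the packet itself."""
    if dst in LAN:
        return None                               # directly connected on the LAN
    if device == ROUTER:
        return None if is_branch(dst) else ASA    # branch links, else default route
    # ASA: assumed route to the branches via the router, everything else goes outside
    return ROUTER if is_branch(dst) else None

def hops(src, dst, lan_gateway):
    """Ordered list of head-office devices that forward a packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN:
        if dst in LAN:
            return []                             # same subnet, no gateway involved
        device = lan_gateway
    elif is_branch(src):
        device = ROUTER                           # branch traffic arrives at the router
    else:
        device = ASA                              # Internet traffic arrives at the ASA
    seen = []
    while device is not None:
        seen.append(device)
        device = next_hop(device, dst)
    return seen

def asa_view(client, server, lan_gateway):
    """'both', 'one-way' or 'none': which directions of the flow cross the ASA."""
    out = ASA in hops(client, server, lan_gateway)
    back = ASA in hops(server, client, lan_gateway)
    return "both" if out and back else "one-way" if out or back else "none"

if __name__ == "__main__":
    for dst, gw in [("192.168.0.10", ASA), ("192.168.0.10", ROUTER), ("203.0.113.10", ROUTER)]:
        print(dst, "gateway", gw, "->", asa_view("10.0.1.50", dst, gw))
```

A "one-way" result is the asymmetric case: the reply from the branch is delivered by the router straight to the LAN host, so the ASA's TCP state check never sees it.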

Author

Commented:
The solution was enlightening. Thank you guys, now I can take this up with the service provider that provided me with the VPN solution to remote sites.
