Route forwarding thru ASA 5510

We have an ASA 5510 on our network that we use as our gateway to the internet. Now we have added another network with a router between us and it (Cisco 1812). We can access their network when we add a static route on the machine to point the network to our router.
I don't want to keep adding static routes on the machine. I want the Pix to handle it.
I added a static route to the pix and that doesn't seem to work.
Can anyone help me see what I am missing?

ASA Version 8.2(1)
hostname ciscoasa
enable password xxxx encrypted
passwd xxxx encrypted
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address xx.xx.151.106
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
interface Ethernet0/3
 nameif Inside
 security-level 100
 ip address
interface Management0/0
 nameif management
 security-level 100
 ip address
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
pager lines 24
logging asdm informational
mtu management 1500
mtu Inside 1500
mtu Outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 1
route Outside 1
route Inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http management
http Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet Inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username xxxxxx password xxxx encrypted privilege 15
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
: end
Ken Boone (Network Consultant) commented:
So I think it's like this:

ASA Inside Interface
10.0.0.x network
1841 router interface
1841 router 10.1.1.x interface
10.1.1.x network

If my drawing is correct then this is what needs to happen:

#1) All users on the 10.1.1.x network have a default gateway of the 10.1.1.x interface on the 1841 router
#2) The 1841 router has a default route pointing to the interface of the ASA
#3) The ASA needs a static route to 10.1.1.x pointing to the 10.0.0.x interface of the 1841 router
   (looks like you got this)
#4) If the 10.1.1.x network needs to get to the internet, you need to allow them to nat:
nat (inside) 1

That should do it.
Ernie Beek (Expert) commented:
Well the ASA is a firewall, not a router.
Don't you use dhcp on your network? You could easily let the dhcp server hand out that route.
This is the good old same-security-traffic permit intra-interface command. It lets the traffic turn around at the interface; otherwise it will not be able to re-route the traffic back through the same subnet. This is a standard issue with ASA and hairpin routing; that command should make that work for you.

Cheever000 commented:
To add on, here is an article explaining the use of same-security-permit intra-interface commands
Question has a verified solution.
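
The points raised in the answers above (a static route toward the 10.1.1.x network, the same-security-traffic permit intra-interface command, and a nat rule for the remote subnet) can be checked against a saved configuration. This is an added example, not code from the thread: the sample config is constructed, and the router address 10.0.0.2 and the function name audit_hairpin are assumptions.

```python
import ipaddress
import re

# Constructed sample, not the poster's config. Subnets follow the 10.0.0.x /
# 10.1.1.x layout in the thread; the router address 10.0.0.2 is an assumption.
SAMPLE = """\
interface Ethernet0/3
 nameif Inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
global (Outside) 1 interface
nat (Inside) 1 10.0.0.0 255.255.255.0
route Inside 10.1.1.0 255.255.255.0 10.0.0.2 1
"""
INTRA = "same-security-traffic permit intra-interface"

def audit_hairpin(config):
    """Return findings for static routes that send traffic back out the interface it arrived on."""
    lines = [ln.strip() for ln in config.splitlines()]
    connected, nats, nameif = {}, {}, None
    for ln in lines:
        ip = re.match(r"ip address (\S+) (\S+)", ln)
        nat = re.match(r"nat \((\S+)\) \d+ (\S+) (\S+)", ln)
        if ln.startswith("interface "):
            nameif = None                      # a new interface block starts
        elif ln.startswith("nameif "):
            nameif = ln.split()[1].lower()
        elif ip and nameif:                    # directly connected subnet
            connected[nameif] = ipaddress.ip_interface(f"{ip[1]}/{ip[2]}").network
        elif nat:                              # source networks allowed to translate
            net = ipaddress.ip_network(f"{nat[2]}/{nat[3]}")
            nats.setdefault(nat[1].lower(), []).append(net)
    findings = []
    for ln in lines:
        rt = re.match(r"route (\S+) (\S+) (\S+) (\S+)", ln)
        if not rt:
            continue
        ifname = rt[1].lower()
        dest = ipaddress.ip_network(f"{rt[2]}/{rt[3]}")
        if dest.prefixlen == 0:
            continue                           # default route: no hairpin involved
        gw = ipaddress.ip_address(rt[4])
        if ifname not in connected or gw not in connected[ifname]:
            findings.append(f"{dest}: next hop {gw} is not on {ifname}'s subnet")
        if INTRA not in lines:
            findings.append(f"{dest}: hairpin on {ifname} needs '{INTRA}'")
        if not any(dest.subnet_of(n) for n in nats.get(ifname, [])):
            findings.append(f"{dest}: no nat ({ifname}) rule covers it (needed for Internet access)")
    return findings
```

Lines with redacted or missing addresses, as in the posted configuration, have to be filled in before the script can parse them.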
