
OK, so here is the scenario. I have 4 locations connected with an MPLS. I have installed an ASA at the primary location, which is 10.20.1.0. Traffic is fine internally and to the world, however... I can't route traffic over the MPLS to another network. It is being blocked by an implicit deny rule even though there is a rule to allow any to any less secure interface (it should be using the same interface in/out, right?). I have a static route for the network in, and the ASA can ping it; just not traffic on the internal network of the ASA.

-Jason

Jason

2 Answers


Since you mentioned using the same interface for in and out, you may want to check out this command:

same-security-traffic permit intra-interface

Here is the config info related to same-security-traffic:

inter-interface  Permit communication between different interfaces with the
                 same security level 
intra-interface  Permit communication between peers connected to the same
                 interface

Sorry, but I don't know where the equivalent option is in ASDM.

David
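To make the hairpin case concrete, here is an added ASA CLI fragment (not from the answer above or from the asker's config) showing the inside interface, a static route to a remote MPLS site that points back out the same interface, the intra-interface permit, and a packet-tracer check. The remote network 10.20.2.0/24, the MPLS CE next hop 10.20.1.254 and the interface name are assumptions; only 10.20.1.0 comes from the question.

```text
! Inside interface of the primary site (10.20.1.0/24 from the question).
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.20.1.1 255.255.255.0
!
! Static route to an assumed remote MPLS site via the assumed CE router
! sitting on the inside segment. Ingress and egress interface are both
! "inside", so this is intra-interface (hairpin) traffic.
route inside 10.20.2.0 255.255.255.0 10.20.1.254 1
!
! Without this line the ASA drops a packet that would leave on the
! interface it arrived on, regardless of the interface ACL.
same-security-traffic permit intra-interface
!
! Verify: trace a constructed ICMP echo from an inside host to the remote
! site. With the permit in place the trace ends in "Action: allow";
! without it the trace ends in "Action: drop".
packet-tracer input inside icmp 10.20.1.50 8 0 10.20.2.50 detailed
!
! Confirm the setting is present in the running config.
show running-config same-security-traffic
```

Note that once intra-interface traffic is permitted, the inside interface's access list still applies to it, so the existing any-to-any rule mentioned in the question is what actually allows the hairpinned flow.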

If we could see the configuration this would be a lot easier to diagnose.

Also could you post some of your debug output. As verbose as possible. I would like to see what the ASA thinks the inbound and outbound interfaces are for traffic going to those remote locations that don't work. Also a debug output of the pings that do work.

okonomiyaki