Cisco ASA/PIX Firewall inside interface routing problem

If you are having issues routing your traffic within the inside interface, or hair-pining your traffic, chances are you need to enable the “same-security-traffic permit intra-interface” command.

Take a look at the picture below which explains this problem:

Basically when you set the ASA as a default gateway, you are unable to have the ASA forward (or route) packets in and out of the same interface. With OS version 7.2(1) and later it can now be done via the command “same-security-traffic permit intra-interface”. This command will apply globally to all interfaces.

Note: Prior to version 7.2(1) i.e if you are using a PIX with OS 6.X. This feature is not supported!

A link with the how to can be found on the cisco website

Related Posts with Thumbnails