http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml
?
same security traffic permit intra-interface
-Carlos
Tony Singh @ 17/07/2012 05:21 -0300 dixit:
> hi experts
>
> problem
> network behind wireless is 10.0.0.0/24 unable to access from asa defined
> dhcp network 192.168.1.0/24
>
> topology
> wireless access point wan port --> ASA inside switchport vlan 1
>
> on asa set a static route to say 10.x is behind 192.168.1.7 (which is the
> address of the wan port of the wireless access point, pings fine from asa
> and traffic from the 10.x range is able to get out to the internet fine)
>
> route inside 10.0.0.0 255.255.255.0 192.168.1.7
>
> S 10.0.0.0 255.255.255.0 [1/0] via 192.168.1.7, inside
>
> but ping fails
>
> ciscoasa(config)# ping 10.0.0.1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
> ?????
> Success rate is 0 percent (0/5)
>
> using the ASDM packet tracer facility it show that it is trying to ping
> from inside to outside interface, it fails due to acl-rule
>
> but on asa not seeing it here..
>
> ciscoasa(config)# show access-list
> access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
> alert-interval 300
>
> problem is this probably a private vlan scenario as I have a network within
> a network on my inside interface so the packet trace going from inside to
> outside is wrong
>
> any advice would be great
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Tue Jul 17 2012 - 06:36:56 ART
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:23 ART