
Cisco ASA 5505 Question

Status
Not open for further replies.

Wavesg

Technical User
Jul 11, 2001
237
US
I just have a quick question. Let's say I have a host inside (10.10.1.xx) using the ASA as its default gateway. The ASA has another connection to the internet using the outside interface. I have 2 static routes in the ASA: one pointing to the inside interface for any connection on the inside on network 10.xx.xx.xx; the other route points all traffic to the internet.

If a packet comes from a host to the firewall on the inside interface, and this packet is destined to another host on the inside as well, can the firewall send the traffic on the same interface it received it on, in this case the inside interface?

Stay cool; it’s not over yet!
 
Absolutely it can; however, in your configuration, if all hosts on the inside reside on the same segment, the ASA will not even be involved. The host will consult its local routing table and ARP cache if the destination IP is on the same segment. If the destination MAC is not in the host's ARP cache, then the host will broadcast an ARP request on the local LAN. I hope this makes sense.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
For this to work on the outside interface, like in a case where you have remote VPN connections (or for different internal segments) I believe you would need to use the "same-security-traffic permit intra-interface" global exec command.
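
Added example, not part of any post in this thread: a small Python model of the forwarding decision discussed above, covering the on-link case (the ASA never sees the packet) and the same-interface (hairpin) case. The /24 host mask, the sample addresses and the function names are assumptions, and the model treats same-interface forwarding as refused unless "same-security-traffic permit intra-interface" is configured.

```python
import ipaddress

# Constructed values: the thread gives only 10.10.1.xx and 10.xx.xx.xx, so the
# /24 host mask and the exact addresses below are assumptions.
HOST_IF = ipaddress.ip_interface("10.10.1.20/24")
ASA_ROUTES = [  # (prefix, egress interface), mirroring the two static routes
    (ipaddress.ip_network("10.0.0.0/8"), "inside"),
    (ipaddress.ip_network("0.0.0.0/0"), "outside"),
]


def asa_egress(dst):
    """Longest-prefix match over the ASA's static routes."""
    matches = [(net, ifc) for net, ifc in ASA_ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def path(dst, ingress="inside", permit_intra_interface=False):
    """Describe how a packet from HOST_IF to dst is handled."""
    dst = ipaddress.ip_address(dst)
    # Step 1: the host checks whether the destination is on-link. If it is,
    # the host ARPs for it directly and the ASA never sees the packet.
    if dst in HOST_IF.network:
        return "direct: host ARPs on the LAN, ASA not involved"
    # Step 2: off-link traffic goes to the default gateway (the ASA),
    # which picks an egress interface from its routing table.
    egress = asa_egress(dst)
    if egress != ingress:
        return f"routed: {ingress} -> {egress}"
    # Step 3: same interface in and out (hairpin). Only the interface check
    # is modelled here; ACLs and NAT are not.
    if permit_intra_interface:
        return f"hairpin: {ingress} -> {egress} permitted"
    return f"hairpin: {ingress} -> {egress} dropped"


if __name__ == "__main__":
    for dst in ("10.10.1.77", "10.20.5.9", "203.0.113.10"):
        print(dst, "=>", path(dst))
    print("10.20.5.9 =>", path("10.20.5.9", permit_intra_interface=True))
```
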
 