[NCLUG] Question about IP forwarding
Sean Rees
seanrees at gmail.com
Mon Apr 26 16:28:12 MDT 2010
I believe the issue here is one of return path. When traffic returns from 192.168.235.0/24, it does not need to transit your ASA in order to reach its destination in 10.50.0.0/16 as 10.50.0.2 bridges both networks. I'm sort of swinging in the dark (or caffeine-induced haze) here, but this could be your issue:
Traffic to 192.168.235.0/24:
[10.50.x.x NODE] --(default route)--> ASA --(static route)--> 10.50.2.10/192.168.235.1 -> [192.168.235.0 NODE]
Traffic from 192.168.235.0/24:
[192.168.235.0 NODE] -> 192.168.235.1/10.50.2.10 --(same subnet)--> [10.50.x.x NODE]
This would explain why individual node-based static routes work.
A possible solution would be to hang 192.168.235.0/24 directly off your ASA for routing.
-sr.
On Apr 26, 2010, at 16:07, Marcio Luis Teixeira wrote:
>> I assume you have something keeping you from adding it as a static
>> route on all of the workstation clients?
>
> Actually, that's the current solution. Luckily my users are savvy enough that I can tell them to make that change themselves on their workstations, so it's not a particularly big deal.
>
> It's more one of those things that's bothering me because it shows me there is something I do not understand. And that bugs me. I want to fix it right and learn from the situation :)
>
> I'm installing wireshark on the workstation itself now to see what the conversation looks like from that end.
>
> -- Marcio
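An added example, not part of the original thread: a small Python model of the return-path asymmetry described above, showing that the ASA sits on the forward path only, and that a static route on the workstation takes it off both. A stateful firewall that sees one direction of a flow cannot track the connection. The prefixes and 10.50.2.10 / 192.168.235.1 come from the thread; the ASA address 10.50.0.1, both host addresses and all function names are assumptions.

```python
import ipaddress as ipa

# Constructed topology. 10.50.2.10 / 192.168.235.1 and the two prefixes are
# from the thread; the ASA address and both host addresses are assumed.
LAN = ipa.ip_network("10.50.0.0/16")
REMOTE = ipa.ip_network("192.168.235.0/24")
DEFAULT = ipa.ip_network("0.0.0.0/0")

def build(workstation_static_route=False):
    nodes = {
        "workstation": {"addrs": ["10.50.1.20"], "nets": [LAN],
                        "routes": {DEFAULT: "10.50.0.1"}},
        "asa":         {"addrs": ["10.50.0.1"], "nets": [LAN],
                        "routes": {REMOTE: "10.50.2.10"}},
        "router":      {"addrs": ["10.50.2.10", "192.168.235.1"],
                        "nets": [LAN, REMOTE], "routes": {}},
        "remote":      {"addrs": ["192.168.235.50"], "nets": [REMOTE],
                        "routes": {DEFAULT: "192.168.235.1"}},
    }
    if workstation_static_route:  # the per-workstation workaround
        nodes["workstation"]["routes"][REMOTE] = "10.50.2.10"
    return nodes

def owner(nodes, addr):
    return next(n for n, v in nodes.items() if addr in v["addrs"])

def path(nodes, src, dst):
    """Hop-by-hop forwarding: connected networks first, then longest prefix."""
    here, hops, d = owner(nodes, src), [], ipa.ip_address(dst)
    while dst not in nodes[here]["addrs"]:
        hops.append(here)
        if len(hops) > 8:
            raise RuntimeError("routing loop")
        node = nodes[here]
        if any(d in net for net in node["nets"]):
            nxt = dst  # on-link: deliver directly, no gateway involved
        else:
            match = max((p for p in node["routes"] if d in p),
                        key=lambda p: p.prefixlen)
            nxt = node["routes"][match]
        here = owner(nodes, nxt)
    return hops + [here]

def firewall_sees_one_direction(nodes, a, b, fw="asa"):
    """True when fw is on exactly one of the two paths between a and b."""
    return (fw in path(nodes, a, b)) != (fw in path(nodes, b, a))
```
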