We have an ASA 5510 that's directly connected to three networks...
10.12.14.0/24, 10.15.30.0/24, and an external network. On the 10.12.14.0/24 subnet, there's also a 2811 router with a T1. Hosts in the 10.12.14.0/24 subnet have a default gateway of 10.12.14.254, which is the 2811. The 2811 has a static route to direct traffic destined for 10.15.30.0/24 to 10.12.14.253, the ASA. But hosts on 10.12.14.0/24 cannot access hosts on 10.15.30.0/24. Is there some specific ACL or something that needs to be set to allow this?

ntasa01# sh conf
: Saved
: Written by enable_15 at 06:34:16.732 PDT Thu Aug 2 2007
!
ASA Version 7.0(6)
!
hostname ntasa01
enable password ****************** encrypted
names
name 192.168.70.0 ld_lan
name 192.168.2.0 sd_lan
name 10.12.1.0 ld_dmz
name 10.12.2.0 ld_ras_lan
name 10.3.4.0 sd_ras_lan
name 10.15.20.0 nl_dmz
name *************** ntmgw01-I
name 10.12.14.0 nt_mgmt
name 10.3.3.0 sd_dmz
name 10.15.30.0 nt_dmz
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address **************** 255.255.255.0 standby **************
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.15.30.1 255.255.255.0 standby 10.15.30.2
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 description LAN/STATE Failover Interface
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.12.14.253 255.255.255.0
 management-only
!
passwd **************** encrypted
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring 2 Sun Mar 1:59 1 Sun Nov 3:00
access-list 200 extended permit tcp any host ntmgw01-I eq smtp
access-list DMZ extended permit ip any any log
access-list MGMT extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
failover
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover link failover Ethernet0/3
failover interface ip failover 172.16.2.1 255.255.255.252 standby 172.16.2.2
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (outside) 1 *************** netmask 255.255.255.255
nat (inside) 1 nt_dmz 255.255.255.0
static (inside,outside) 10.15.30.193 *************** netmask 255.255.255.255
static (inside,outside) 10.15.30.194 *************** netmask 255.255.255.255
static (inside,outside) 10.15.30.228 ntmgw01-I netmask 255.255.255.255
access-group 200 in interface outside
access-group DMZ in interface inside
access-group MGMT in interface management
route outside 0.0.0.0 0.0.0.0 ************** 1
route management sd_lan 255.255.255.0 10.12.14.254 1
route management sd_dmz 255.255.255.0 10.12.14.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username admin password **************** encrypted privilege 15
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 10.12.14.2 255.255.255.255 management
http 192.168.2.192 255.255.255.255 management
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set ESP-3DES-MD5
telnet 192.168.2.192 255.255.255.255 management
telnet 10.12.14.2 255.255.255.255 management
telnet 192.168.2.116 255.255.255.255 management
telnet timeout 15
ssh 192.168.2.116 255.255.255.255 management
ssh 192.168.2.192 255.255.255.255 management
ssh timeout 60
ssh version 2
console timeout 0
ntp server 192.168.2.2
ntp server 10.12.14.2 source management prefer
Cryptochecksum:*********************************
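
A check that can be run over a configuration like the one posted, added here as an example and not part of the original post: it flags two standard ASA behaviours that stop traffic being forwarded between two interfaces regardless of the ACLs applied, namely `management-only` on an interface and two interfaces at the same security level without `same-security-traffic permit inter-interface`. The function names and the trimmed sample are assumptions made for illustration.

```python
import re
from itertools import combinations

# Interface stanzas trimmed from the configuration posted above (constructed excerpt).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
interface Management0/0
 nameif management
 security-level 100
 management-only
!
"""

def parse_interfaces(config):
    """Map each nameif to its security level and management-only flag."""
    interfaces, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = {"level": None, "mgmt_only": False}
        elif cur is not None and line.startswith(" ") and line.strip():
            words = line.split()
            if words[0] == "nameif":
                interfaces[words[1]] = cur
            elif words[0] == "security-level":
                cur["level"] = int(words[1])
            elif words[0] == "management-only":
                cur["mgmt_only"] = True
        else:
            cur = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """List settings that stop the ASA forwarding traffic between interfaces."""
    ifs = parse_interfaces(config)
    findings = [f"{n}: management-only, passes no through traffic"
                for n, i in ifs.items() if i["mgmt_only"]]
    if not re.search(r"^same-security-traffic permit inter-interface", config, re.M):
        for (a, ia), (b, ib) in combinations(ifs.items(), 2):
            if ia["level"] is not None and ia["level"] == ib["level"]:
                findings.append(f"{a}<->{b}: same security-level {ia['level']}, "
                                "inter-interface traffic not permitted")
    return findings
```

Calling `audit()` on the full `sh conf` output works the same way, provided the one-space indentation of the interface sub-commands is preserved.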