Route traffic from ASA to different firewall default gateway

Tags: cisco-asa, routing, site-to-site-vpn, vpn

I should probably start by explaining the topography: we have two different internet connections with separate firewalls. One is an ASA and one is a Meraki; the default gateway for all the servers behind the firewalls is the ASA (10.100.200.1). The problem I am having is that we have a site-to-site on the Meraki (10.100.200.2), and the traffic destined for the subnet (192.168.100.0) on the other side of the site-to-site can't find its way because it is trying to go through the ASA's default gateway (10.100.200.1). If I set a static route on the server that is trying to send traffic to the subnet (192.168.100.0) to use the Meraki's default gateway (10.100.200.2), it works. How do I set a static route on the ASA so that any traffic that comes through the Meraki uses the Meraki's default gateway to get out?

Best Answer

An ASA is low-end gear for Cisco; as such, this firewall does not support ICMP redirect. Thus, you can't with the ASA.

You will have to set some GPO, or some such alternative method, to force the route, or upgrade the firewall for a true router.

The way it works is that when the router sees that the computer needs to use another gateway, the router sends the ICMP redirect to the computer to advertise the route to the correct router/firewall. The computer afterwards continues to use that route.
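
The host-side route the answer suggests forcing through a GPO could look like the script below. This is an added example, not code from the original answer. It assumes Windows servers, a /24 mask for the remote subnet (the page gives only 192.168.100.0), and uses variable names and a probe address chosen here for illustration.

```powershell
# Added example, not from the original answer. Run elevated on each server,
# for instance as a GPO computer startup script.
# Assumption: the remote subnet is a /24 (the page gives only 192.168.100.0).
$RemotePrefix = '192.168.100.0/24'   # subnet behind the Meraki site-to-site VPN
$RemoteProbe  = '192.168.100.1'      # constructed address, used only for lookup
$MerakiHop    = '10.100.200.2'       # Meraki LAN address from the question

# Find the NIC that reaches the Meraki on-link, so the route binds to the
# correct interface on multi-homed servers. Find-NetRoute emits an address
# object and a route object; only the route object has NextHop.
$toMeraki = Find-NetRoute -RemoteIPAddress $MerakiHop |
    Where-Object { $_.NextHop } | Select-Object -First 1
if (-not $toMeraki -or $toMeraki.NextHop -ne '0.0.0.0') {
    throw "$MerakiHop is not on a directly connected subnet; refusing to add route."
}

# Look up existing routes for the prefix and drop any that point at a
# different next hop (for example a stale entry via the ASA at 10.100.200.1).
$current = @(Get-NetRoute -DestinationPrefix $RemotePrefix -AddressFamily IPv4 `
    -ErrorAction SilentlyContinue)
foreach ($r in ($current | Where-Object { $_.NextHop -ne $MerakiHop })) {
    Remove-NetRoute -DestinationPrefix $RemotePrefix -NextHop $r.NextHop `
        -InterfaceIndex $r.InterfaceIndex -Confirm:$false
}

# Add the route only if it is missing, so repeated runs are harmless.
if (-not ($current | Where-Object { $_.NextHop -eq $MerakiHop })) {
    New-NetRoute -DestinationPrefix $RemotePrefix -NextHop $MerakiHop `
        -InterfaceIndex $toMeraki.InterfaceIndex | Out-Null
}

# Confirm the host now selects the Meraki for the remote subnet.
$chosen = Find-NetRoute -RemoteIPAddress $RemoteProbe |
    Where-Object { $_.NextHop } | Select-Object -First 1
if ($chosen.NextHop -ne $MerakiHop) {
    throw "Route check failed: next hop is $($chosen.NextHop), expected $MerakiHop."
}
"Route to $RemotePrefix via $MerakiHop is in place."
```

Because the route is scoped to the one remote prefix, all other traffic still leaves through the ASA and stays subject to its policy.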