No announcement yet.

Repurposing ASA-5505s

  • Filter
  • Time
  • Show
Clear All
new posts

  • Repurposing ASA-5505s

    I have a client that is moving from site-to-site VPNs using ASA-5505s to an ethernet-over-bonded DSL solution to create a WAN. Rather than toss the asa's I'd like to repurpose them as basic static routers for this client. My understanding is that I can do this using the same-security-traffic permit inter-interface and same-security-traffic permit intra-interface commands and disabling NAT. I'm just looking for verification that this would work and any experiences you might have had with it. I don't need any complex routing, as this will be two remote offices connecting to each other with internet provided at one of the locations.

  • #2
    Re: Repurposing ASA-5505s

    The ASA will route just fine. The same-security-traffic permit intra-interface is for hairpinning. (IE - When a flow comes in the outside interface and gets routed right back out. Wouldn't think this would apply to your situation. If you don't want to nat make sure that "no nat-control" is enabled. This is the default starting with 8.0.1 i believe.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)