Jason,
The first note on the page states that the ASA does not support asymmetrical routing and therefore does not support ICMP redirect:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
However, with 8.2.1 code, you have another option with TCP state bypass:
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
If you have asymmetric routing configured on upstream routers, and traffic alternates between two adaptive security appliances, then you can configure TCP state bypass for specific traffic. The following command was introduced: set connection advanced tcp-state-bypass.
In ASDM, see Configuration > Firewall > Service Policy Rules > Rule Actions > Connection Settings.
Lots of new features in 8.2.1, patiently waiting for the next official interim :)
-ryan
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Jason Morris
Sent: Friday, June 26, 2009 1:08 AM
To: Cisco certification
Subject: ASA and ICMP redirects
Anyone know a way to get an ASA to send ICMP redirects on an inside
interface? I've been poking around for a couple of days and haven't been
able to make it dance.
Thanks
Jason
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 26 2009 - 09:14:26 ART
This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:37 ART