After struggling with a routing problem between a host which had a Cisco ASA with an ASA version 8.4(3) as gateway and had to route to an other subnet in the inside area.
In this example the host 172.16.1.1 wants to connect to a http://10.1.10.1 (icmp works, other traffic doesn’t)
To solve this issue, you need to add some configuration to the Cisco ASA ( 172.16.1.254 ) as a workaround. The Cisco ASA is not really designed to do routing, if i’m correct.
However what should you add to the configuration.
You need a static route added to the Cisco ASA for example:
route inside 10.1.10.0 255.255.255.248 172.16.1.253 1
Access-list you have to create:
access-list tcp_state_bypass extended permit tcp any any
Create a class map and a policy map:
class-map tcp_bypass match access-list tcp_state_bypass ! ! policy-map tcp_bypass_policy class tcp_bypass set connection advanced-options tcp-state-bypass
Configure a service-policy to make it active.
service-policy tcp_bypass_policy global
Now I was able to open the HTTP webpage