ASA routing problem

Unanswered Question
Dec 3rd, 2007


I've got 2 ASA 5520s on my network.

The first ASA (Firewall 1) realizes the site-to-site VPN between the datacenter and remote offices, and the second ASA (Firewall 2) does exactly the same thing for other remote offices.

As you can see in the attachments, "Firewall 1" is the default gateway for the datacenter LAN. Firewall 1 knows the routes to reach the remote offices managed by Firewall 2 (via site-to-site VPN).

When a user on the datacenter LAN tries to ping a server, or access a server with a TCP application, at a remote office using Firewall 1, it succeeds.

But if a user tries to do the same thing at a remote office using Firewall 2, pings are OK but TCP applications are not.

Any ideas?





We've seen odd occurrences with TCP applications when running over VPNs and GRE tunnels.

The fix was to set the MTU on the servers to something fairly low (1400 ish) - you can establish this via ping.

I'd have a look along these lines - it may be something else but it's something to consider.
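
The "establish this via ping" step from the reply above, as an added example that is not part of the original thread: a binary search for the largest ICMP payload that crosses the path with the Don't Fragment bit set, which gives the path MTU and the TCP MSS that fits in it. A default-size ping passes even on a reduced-MTU tunnel, which is why plain pings can succeed while full-size TCP segments do not. It assumes a Linux host with iputils `ping` (`-M do` sets DF); the function names and the address `192.0.2.10` are placeholders.

```shell
#!/usr/bin/env bash
# Added example: binary-search the largest ICMP payload that crosses a path
# with the Don't Fragment bit set, then report the resulting path MTU.
# Assumes Linux iputils ping; all names and the sample address are hypothetical.

# probe HOST PAYLOAD -> exit 0 if an echo with PAYLOAD data bytes is answered
# without fragmentation (-M do = set DF, never fragment locally).
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH] -> prints the path MTU in bytes, or returns 1.
# LOW/HIGH are ICMP payload sizes; MTU = payload + 20 (IPv4) + 8 (ICMP header).
find_path_mtu() {
    local host=$1 lo=${2:-548} hi=${3:-1472} mid
    # If even the smallest probe fails, this is not an MTU symptom
    # (host down, routing problem, or ICMP filtered on the path).
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid            # mid fits: search above it
        else
            hi=$(( mid - 1 ))  # mid is too big: search below it
        fi
    done
    echo $(( lo + 28 ))
}

# suggested_mss MTU -> largest TCP MSS that fits (20-byte IPv4 + 20-byte TCP header).
suggested_mss() {
    echo $(( $1 - 40 ))
}

# Run only when a host is given, e.g.: ./pmtu.sh 192.0.2.10
if [ "$#" -ge 1 ]; then
    if mtu=$(find_path_mtu "$1"); then
        echo "path MTU to $1: $mtu bytes (TCP MSS <= $(suggested_mss "$mtu"))"
    else
        echo "no reply to small DF probes from $1: not an MTU symptom, or ICMP is blocked" >&2
        exit 1
    fi
fi
```

A result of 1500 through the tunnel means the path is not dropping full-size packets, so the TCP failure has another cause.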



