Track Connections over multiple Interface ASA 5540

Unanswered Question
Sep 18th, 2008

Hi, I currently have an ASA5540 with the following setup:

Interface A inside1

Interface B outside1

Interface C Outside2.

I currently have failover set up for connection tracking the Outside1 interface. Recently my ISP had some issues and had to redirect traffic through interface 2. It all works fine except for traffic originating from my inside network. Here is an example.

If I establish a connection to an external host, because my default route with metric 1 is outside 1, traffic goes out through there, but then my ISP sends the response back through outside2. Since the device doesn't know that that's the response for the connection it established on outside1, it denies the traffic, and I can see all the denies in my ASA logs. How can I enable connection tracking through both interfaces?

m-haddad Mon, 09/22/2008 - 13:44

I don't think this is doable because the traffic is going out from one interface and coming back in from another interface and this will be considered as IP Spoofing. ASA won't allow traffic to come back.
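
The situation described in this thread, as an added example that is not part of the original posts: a Python sketch that correlates ASA connection-build messages with "no connection" denies to confirm that replies are arriving on a different interface than the one the connection left on. It assumes builds are logged as syslog 302013 and the denies as 106015, and IPv4 addresses; the sample log lines, addresses and the function name are constructed for illustration.

```python
import re

# Constructed sample lines in the ASA syslog 302013 / 106015 layout.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 1001 for outside1:198.51.100.10/443 (198.51.100.10/443) to inside1:10.0.0.5/51000 (203.0.113.5/51000)
%ASA-6-106015: Deny TCP (no connection) from 198.51.100.10/443 to 203.0.113.5/51000 flags SYN ACK on interface outside2
%ASA-6-302013: Built outbound TCP connection 1002 for outside1:198.51.100.20/80 (198.51.100.20/80) to inside1:10.0.0.6/51001 (203.0.113.5/51001)
%ASA-6-106015: Deny TCP (no connection) from 192.0.2.77/4444 to 203.0.113.5/22 flags SYN on interface outside2
"""

# Outbound build: egress interface, remote host, inside host and its mapped (NAT) address.
BUILT = re.compile(
    r"%ASA-6-302013: Built outbound TCP connection (?P<cid>\d+) for "
    r"(?P<out_if>[^:\s]+):(?P<remote>\S+) \(\S+\) to "
    r"(?P<in_if>[^:\s]+):(?P<local>\S+) \((?P<mapped>\S+)\)")
# Deny for a TCP packet that matches no connection on the arrival interface.
DENY = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from (?P<src>\S+) to "
    r"(?P<dst>\S+) flags (?P<flags>.+?) on interface (?P<iface>\S+)")


def find_asymmetric_returns(log_text):
    """Return denies that are the reverse of a connection built on another interface."""
    conns = {}      # (remote ip/port, mapped ip/port) -> build details
    findings = []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            conns[(m["remote"], m["mapped"])] = (m["cid"], m["out_if"], m["local"])
            continue
        m = DENY.search(line)
        if not m:
            continue
        # A reply is addressed from the remote host to the mapped address.
        conn = conns.get((m["src"], m["dst"]))
        arrived_on = m["iface"].rstrip(".")
        if conn and conn[1] != arrived_on:
            findings.append({"conn_id": conn[0], "inside_host": conn[2],
                             "remote": m["src"], "left_on": conn[1],
                             "returned_on": arrived_on, "flags": m["flags"]})
    return findings


if __name__ == "__main__":
    for f in find_asymmetric_returns(SAMPLE_LOG):
        print(f)
```

Denies that match no built connection, such as the last sample line, are left out of the result, so the output separates asymmetric return traffic from unsolicited inbound packets.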

