Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1488
Views
0
Helpful
2
Replies

Track Connections over multiple Interface ASA 5540

tachuavila
Level 1
Level 1

‎09-18-2008 11:04 AM - edited ‎03-11-2019 06:46 AM

Hi, I currently have an ASA5540 with the following setup

Interface A inside1

Interface B outside1

Interface C Outside2.

I currently have failover setup for connection tracking the Outside1 interface now recently my ISP had some issues and had to redirect traffic through interface 2. It all works fine except for traffic originating from my inside network. Here is example.

If i establish a connection to an external host because my default route with metric 1 is outside 1 traffic goes out through there but then my isp sends the response back through outside2 since the device doesnt know that thats the response for the connection he established on outside1 then it denies the traffic. and i can see all the denies on my asa logs. How can I enable connection tracking through both interfaces

Labels:
0 Helpful
2 Replies 2

dgroscost
Level 4
Level 4

‎09-22-2008 01:15 PM

ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

0 Helpful

m-haddad
Level 5
Level 5

‎09-22-2008 01:44 PM

I don't think this is doable because the traffic is going out from one interface and coming back in from another interface and this will be considered as IP Spoofing. ASA won't allow traffic to come back.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card