Asymmetric routing problem on ASA with multiple public interfaces

Unanswered Question
Feb 3rd, 2009

I have an ASA with 2 public interfaces (2 IP blocks) and I am having quite a bit of trouble getting the routing to work correctly.

Here is a scenario:

ASA has 2 Internet facing interfaces and

There is a downstream BGP router with interfaces and

The default route on the ASA is to

If a user from, let's say tries to ping he gets a reply. But if he tries to ping the request times out. The BGP router can ping both interfaces just fine.

If I add a static route on the ASA 'route {SecondINT} ' then the user can ping the interface.

The problem I'm having is the request is actually getting to the ASA but it's sending it back out the wrong interface (due to the default route). How do I get the traffic to exit the same interface it came in on?

I know this is not a hairpin problem and same-security inter/intra will not fix this issue. This is a routing issue and since the ASA doesn't support “default next-hop” in a route-map I can't figure out how to fix it.

Any ideas?


celiocarreto Wed, 02/04/2009 - 06:48


In my opinion there is no way to solve this. I had such a client and couldn't find a solution.

Regards, Celio

