Assimetric routed packet

Unanswered Question
Jul 10th, 2009

Dear All,

I know that the asr-group command permit to a couple of interfaces (belonging to the same group) to re-route a return packet for a connection that

originated through its peer unit.

But the asr works also for the new connections?If a new connection arrive to the peer unit, the peer unit re-route the traffic to the active unit?

Best regards,

Igor.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pccw258103 Wed, 07/15/2009 - 05:51

This is for multi context, both firewall are at active status. NOT FOR active/standby mode

When running in Active/Active failover, a unit may receive a return packet for a connection that originated through its peer unit. Because the security appliance that receives the packet does not have any connection information for the packet, the packet is dropped. This most commonly occurs when the

two security appliances in an Active/Active failover pair are connected to different service providers and the outbound connection does not use a NAT address.

Actions

This Discussion