Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
0
Helpful
1
Replies

Assimetric routed packet

ifabrizio
Level 1
Level 1

‎07-10-2009 02:30 AM - edited ‎03-11-2019 08:53 AM

Dear All,

I know that the asr-group command permit to a couple of interfaces (belonging to the same group) to re-route a return packet for a connection that

originated through its peer unit.

But the asr works also for the new connections?If a new connection arrive to the peer unit, the peer unit re-route the traffic to the active unit?

Best regards,

Igor.

Labels:
0 Helpful
1 Reply 1

pccw258103
Level 1
Level 1

‎07-15-2009 05:51 AM

This is for multi context, both firewall are at active status. NOT FOR active/standby mode

When running in Active/Active failover, a unit may receive a return packet for a connection that originated through its peer unit. Because the security appliance that receives the packet does not have any connection information for the packet, the packet is dropped. This most commonly occurs when the

two security appliances in an Active/Active failover pair are connected to different service providers and the outbound connection does not use a NAT address.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card