Can you please help me solve the following issue ...
I have a strange problem with routing UDP packets. Let me explain better:
I have 2 servers with IP addresses of, for example, 192.168.1.1 and 192.168.0.1 ... An application installed on them is communicating with UDP packets on ports 1030, 1031, 1032 and 1033. Communication is bidirectional, in both ways. I have 2 ASA firewalls connecting (between) these 2 servers. I also have an IPsec VPN over the internet as a backup link. I do tracking of the routes for automatic switching to the backup. But I have a strange problem: one line, on port 1033, is OK, but for the other 3 ports (1030, 1031, 1032; source and destination IP addresses are the same) one of the 2 ASAs tries to put the packets of the non-working lines on the backup line, and I get Deny TCP reverse path check on the other ASA, which is normal. I removed the backup line (tracking of interfaces) and checked the static routes on both firewalls, and they are pointing in the correct direction, but with no success. The question is, how is it possible for one line of these 4 to work and the other 3 not?
Situation: (The problem is on only one of the 2 firewalls)
1. 192.168.1.1:1030 <-----> 192.168.0.1:1030 ---- routed in wrong direction, to the backup line (static route is pointing to correct path)
2. 192.168.1.1:1031 <-----> 192.168.0.1:1031 ---- routed in wrong direction, to the backup line (static route is pointing to correct path)
3. 192.168.1.1:1032 <-----> 192.168.0.1:1032 ---- routed in wrong direction, to the backup line (static route is pointing to correct path)
4. 192.168.1.1:1033 <-----> 192.168.0.1:1033 ----- working OK, routing is where it should be.
How is this possible, one UDP flow is routed correctly and the other ones not?
"clear local 192.168.1.1" will clear all connections the 192.168.1.1 host has through the ASA.
For the broken flows please check how they were built. If the ASA saw a UDP packet inbound on its backup interface for these ports it will build a flow and subsequent packets will follow these flows.
Try clearing the connections and re-establish them from the inside host.
Let us know if it works.
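
To check how the flows were built, as the reply suggests, the connection table can be captured and grouped by interface. The Python below is an added example, not part of the original thread; the interface names (inside, primary, backup) and the sample lines are constructed, and the line layout assumes the usual ASA "show conn" format.

```python
import re

# Constructed sample in the style of ASA "show conn" output. The interface
# names (inside, primary, backup) are assumptions, not taken from the post.
SAMPLE_SHOW_CONN = """\
UDP backup 192.168.0.1:1030 inside 192.168.1.1:1030, idle 0:00:01, bytes 48210, flags -
UDP backup 192.168.0.1:1031 inside 192.168.1.1:1031, idle 0:00:00, bytes 51744, flags -
UDP backup 192.168.0.1:1032 inside 192.168.1.1:1032, idle 0:00:02, bytes 47990, flags -
UDP primary 192.168.0.1:1033 inside 192.168.1.1:1033, idle 0:00:01, bytes 50112, flags -
"""

# proto, then (interface ip:port) twice, then the idle timer.
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+"
    r"(?P<if_a>\S+)\s+(?P<ip_a>[\d.]+):(?P<port_a>\d+)\s+"
    r"(?P<if_b>\S+)\s+(?P<ip_b>[\d.]+):(?P<port_b>\d+),\s+"
    r"idle\s+(?P<idle>[\d:]+),"
)


def parse_conns(text):
    """Return one dict per connection line that matches the expected layout."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            conns.append(m.groupdict())
    return conns


def flows_on_interface(text, peer_ip, interface):
    """List (proto, port) of flows to peer_ip that are bound to `interface`."""
    hits = []
    for c in parse_conns(text):
        for side in ("a", "b"):
            if c["ip_" + side] == peer_ip and c["if_" + side] == interface:
                hits.append((c["proto"], int(c["port_" + side])))
    return sorted(hits)


if __name__ == "__main__":
    # Flows pinned to the backup interface keep using it regardless of the
    # static route until the connection entry is cleared or times out.
    for proto, port in flows_on_interface(SAMPLE_SHOW_CONN, "192.168.0.1", "backup"):
        print(f"{proto} flow to 192.168.0.1:{port} is bound to the backup interface")
```

Any flow this reports on the backup interface is a candidate for clearing and re-establishing from the inside host.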