Asymmetric LAN routing through firewall

Oct 4th, 2010
This is a very complex problem.

Firewall      Router1.1.1.1----------
'                         '
'                         '
'                         '

PC( with gateway


PC wants to send traffic to

PC --> FW --> Router -->

Return traffic --> Router --> (through the router, using the direct interface, without going through the firewall).

As the return traffic didn't go through the firewall, the TCP handshake is not completed, so it failed. It seems that when we build the session through the firewall, it adds something to the packet and reverts it on return, so for connections built through the firewall where the return traffic reaches the source without going through the firewall, the packets get dropped at the source as they are different packets.

The same thing happens when initiates a session to: the initiated traffic goes to the PC without passing the firewall, and when the PC replies to the gateway firewall, the firewall drops it as the initiated session is not in its list.

Is there any solution for this problem? It seems very simple, but a lot of complexity is involved.


Jennifer Halim Mon, 10/04/2010 - 03:50
Cisco Employee

There are 2 options that you can configure:

Option 1) The more secure option --> change the PC default gateway from the ASA to the router. This will ensure that no asymmetric routing happens within your network. Then, if there are any specific routes that need to be sent towards the ASA firewall, you can configure specific routing on the router to point towards the ASA IP.

Option 2) The least secure option --> configure TCP bypass on the ASA. Please find the following URL for your reference on the configuration:

Hope that helps.
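For option 2, an added example of the ASA TCP state bypass configuration (this is editor-supplied, not from the reply, whose URL did not survive). The host addresses are placeholders, and the interface name `inside` is assumed; bypassed flows lose TCP state tracking and sequence randomization, so the ACL is kept to the single host pair that is actually routed asymmetrically.

```text
! ASA 8.2(1) or later: TCP state bypass for one asymmetrically routed host pair.
! Placeholder addresses (not from the thread): PC 192.0.2.10, remote host 198.51.100.20.
! Match only the affected flows, in both directions, so all other traffic keeps
! full stateful inspection.
access-list tcp_bypass extended permit tcp host 192.0.2.10 host 198.51.100.20
access-list tcp_bypass extended permit tcp host 198.51.100.20 host 192.0.2.10
!
class-map tcp_bypass
 match access-list tcp_bypass
!
policy-map tcp_bypass_policy
 class tcp_bypass
  set connection advanced-options tcp-state-bypass
!
! Apply on the interface where the asymmetric traffic enters the ASA
! (assumed here to be the PC-facing interface named "inside").
service-policy tcp_bypass_policy interface inside
!
! Check that matching connections carry the "b" (TCP state-bypass) flag:
show conn detail
```

Before enabling this, confirm in `show conn detail` and the syslog that the drops you see are really the asymmetric pair, so the bypass is not widened beyond the flows that need it.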
