I have a query related to ASA 5505 Packet flow . I was encountering an issue the other day and below is the topology .Though the issue has been resolved i want to know the exact packet flow as to when the ASA will behave as a switchport and when it will behave as layer 3 .Below is the case for Asymmetric routing issue . My query is that when packet from the user (10.0.0.0) is going towards the 3825 , how exactly ASA treats it (as in the packet capture there were no request to ASA i.e no SYN packet ? ) ; however when the FTP Server replies back , ASA will do a route lookup for 10.0.0.0 Network .Does this means that with 3825 and FTP Server being in the same VLAN , ASA will act as L2 Device for the initial ICMP Echo packet towards FTP Server and as L3 Device while replying back.Please correct me if i am wrong as i want to understand that though U Turning resolved this issue , i want to understand the exact packet flow .
Internal --------CoreSw----3825-----ASA ----- Internet LAN | 10.0.0.0/16 | FTP Server
1) FTP Server (172.30.10.22) and 3825 (connected to ASA Ethernet0/1) are in the same VLAN (vlan1 - nameif inside) . Cust not able to access ftp server from the inside of the ASA 10.0.22.0 network ; however able to ping from 3825 .The FTP server is connected to the e0/2 port of ASA , which is also in vlan 1.
2) I have put captures on ASA and saw only reply from FTP server, but ASA never saw ping request.The ping request was timing out . Please note that i was not able to initiate ICMP from FTP Server as the customer doesnot have access to it and it was not possible as it is in another location .
3) Thought it to be an asymmetric routing issue and gave the appropriate commands of U-Turning and the same worked
4) After that was able to ping FTP Server from the inside IP
1) FTP Server is publically visible for the outside world .
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :