04-24-2007 05:19 AM - edited 03-11-2019 03:03 AM
I have a temporary situation where I need to allow traffic where both tx and rx do not take the same path.
Sometimes the originating traffic will go through the ASA, and sometimes the return traffic will go through the ASA.
Please don't tell me that I need to create two-way rules! Please tell me that there is a magical one-liner or a checkbox somewhere to allow this.
05-03-2007 05:59 AM
To my knowledge, only in BGP can you set the rules in a policy map for applying the rules for its attributes. In PIX, other than access list to apply the rules in interface may end up with your solution.
05-03-2007 07:16 AM
Here's what it takes to allow out-of-state traffic (or asymmetrical routing, as I've seen Cisco refer to it).
static (
failover timeout -1
Example
static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed
static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed
failover timeout -1
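Added example, not part of the original posts: since the question describes a temporary situation, this Python sketch scans a saved PIX/ASA configuration for the settings used in the answer above (`nailed` and `norandomseq` on `static` lines, and `failover timeout -1`) so they can be found and removed afterwards. The sample configuration is constructed, and the `audit` function and its output fields are hypothetical names chosen for this example.

```python
import re

# Constructed sample config; lines 2-4 mirror the answer above, line 1 is an
# ordinary static added for contrast.
SAMPLE_CONFIG = """\
static (inside,outside) 192.0.2.10 10.0.5.10 netmask 255.255.255.255
static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed
static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed
failover timeout -1
"""

# static (real_ifc,mapped_ifc) <addresses and options...>
STATIC_RE = re.compile(
    r"^static\s+\((?P<real>[^,\s]+),(?P<mapped>[^)\s]+)\)\s+(?P<rest>.+)$")
FAILOVER_RE = re.compile(r"^failover\s+timeout\s+(?P<value>\S+)$")

# Keywords from the answer that relax per-connection checks on a static.
RELAXING_KEYWORDS = ("nailed", "norandomseq")


def audit(config_text):
    """Return one finding per config line that carries the relaxed settings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            tokens = m.group("rest").split()
            flags = [k for k in RELAXING_KEYWORDS if k in tokens]
            if flags:
                findings.append({
                    "line": lineno, "kind": "static", "flags": flags,
                    "interfaces": (m.group("real"), m.group("mapped")),
                    "text": line})
            continue
        m = FAILOVER_RE.match(line)
        # -1 is the value the answer pairs with the nailed statics.
        if m and m.group("value") == "-1":
            findings.append({"line": lineno, "kind": "failover-timeout",
                             "flags": ["-1"], "interfaces": None, "text": line})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['kind']} {f['flags']} -> {f['text']}")
```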