ASA 5520 - Need to allow out-of-state traffic

nms
Level 1

I have a temporary situation where I need to allow traffic where both tx and rx do not take the same path.

Sometimes the originating traffic will go through the ASA, and sometimes the return traffic will go through the ASA.

Please don't tell me that I need to create two-way rules! Please tell me that there is a magical one-liner or a checkbox somewhere to allow this.

2 Replies

amritpatek
Level 6

To my knowledge, only in BGP can you set the rules in a policy map for applying the rules for its attributes. In PIX other than access list to apply the rules in interface may end up with your solution.

Here's what it takes to allow out-of-state traffic (or asymmetrical routing, as I've seen Cisco refer to it).

static (,) netmask norandomseq nailed

failover timeout -1

Example

static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed

static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed

failover timeout -1
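
An added example, not part of the original thread: a Python audit that scans an ASA configuration for the `nailed` and `norandomseq` static translations and the `failover timeout -1` line shown above, so a temporary asymmetric-routing exception can be found and removed once it is no longer needed. The sample configuration is constructed, the function name `find_state_exceptions` is hypothetical, and the parser assumes the `static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask` form used in the thread.

```python
import ipaddress
import re

# Form used in the thread (assumed syntax):
# static (real_ifc,mapped_ifc) mapped_ip real_ip netmask MASK [options...]
STATIC_RE = re.compile(
    r"^static\s+\((?P<real>[^,\s]+),(?P<mapped>[^)\s]+)\)\s+"
    r"(?P<mapped_ip>\S+)\s+(?P<real_ip>\S+)\s+netmask\s+(?P<mask>\S+)(?P<opts>.*)$"
)

def find_state_exceptions(config_text):
    """Return findings for lines that relax TCP state or sequence handling."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if re.fullmatch(r"failover\s+timeout\s+-1", line):
            findings.append({"line": lineno, "kind": "failover-timeout-disabled"})
            continue
        m = STATIC_RE.match(line)
        if not m:
            continue
        opts = m.group("opts").split()
        flags = [o for o in ("nailed", "norandomseq") if o in opts]
        if not flags:
            continue  # ordinary static translation, state checks still apply
        try:
            net = str(ipaddress.ip_network(
                f"{m.group('real_ip')}/{m.group('mask')}", strict=False))
        except ValueError:
            net = m.group("real_ip")  # a name instead of an address: report as-is
        findings.append({
            "line": lineno, "kind": "static", "flags": flags,
            "interfaces": (m.group("real"), m.group("mapped")), "network": net,
        })
    return findings

# Constructed sample configuration (the flagged lines mirror the thread's example).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif server-net-a
static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed
static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed
static (inside,outside) 192.0.2.10 10.0.2.10 netmask 255.255.255.255
failover timeout -1
"""

if __name__ == "__main__":
    for finding in find_state_exceptions(SAMPLE_CONFIG):
        print(finding)
```
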
