Cisco Support Community
nms
New Member

ASA 5520 - Need to allow out-of-state traffic

I have a temporary situation where I need to allow traffic where both tx and rx do not take the same path.

Sometimes the originating traffic will go through the ASA, and sometimes the return traffic will go through the ASA.

Please don't tell me that I need to create two-way rules! Please tell me that there is a magical one-liner or a checkbox somewhere to allow this.

2 REPLIES
Silver

Re: ASA 5520 - Need to allow out-of-state traffic

To my knowledge, only in BGP you can set the rules in policy map for applying the rules for its attributes. In PIX other than access list to apply the rules in interface may end up with your solution.

nms
New Member

Re: ASA 5520 - Need to allow out-of-state traffic

Here's what it takes to allow out-of-state traffic (or asymmetrical routing, as I've seen Cisco refer to it).

static (<real_ifc>,<mapped_ifc>) <mapped_ip> <real_ip> netmask <mask> norandomseq nailed

failover timeout -1

Example

static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed

static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed

failover timeout -1
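
Since the thread describes this as a temporary setup, the following added example (not from the poster or from Cisco) scans a saved configuration for static entries carrying nailed or norandomseq and reports the failover timeout value, so the entries can be located and removed afterwards. The function name audit_config and the sample configuration are constructed for illustration; the third static line is a hypothetical ordinary entry.

```python
import re

# Pre-8.3 static syntax as used in the post:
#   static (if_a,if_b) ip ip netmask mask [options...]
STATIC_RE = re.compile(
    r"^static\s+\((?P<real>[^,\s]+),(?P<mapped>[^)\s]+)\)\s+"
    r"(?P<mapped_ip>\S+)\s+(?P<real_ip>\S+)"
    r"(?:\s+netmask\s+(?P<mask>\S+))?(?P<opts>.*)$"
)
FAILOVER_RE = re.compile(r"^failover\s+timeout\s+(?P<value>\S+)\s*$")


def audit_config(text):
    """Return (findings, failover_timeout) for a saved configuration."""
    findings, timeout = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = FAILOVER_RE.match(line)
        if m:
            timeout = m.group("value")
            continue
        m = STATIC_RE.match(line)
        if not m:
            continue
        opts = m.group("opts").split()
        # Only the two options from the post are reported.
        flags = [o for o in ("nailed", "norandomseq") if o in opts]
        if flags:
            findings.append({
                "line": lineno,
                "interfaces": (m.group("real"), m.group("mapped")),
                "network": f'{m.group("real_ip")}/{m.group("mask")}',
                "flags": flags,
            })
    return findings, timeout


# Constructed sample: the two statics from the post plus one ordinary static.
SAMPLE = """\
static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed
static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed
static (inside,outside) 192.0.2.10 10.0.2.10 netmask 255.255.255.255
failover timeout -1
"""

if __name__ == "__main__":
    findings, timeout = audit_config(SAMPLE)
    for f in findings:
        print(f'line {f["line"]}: {f["interfaces"]} {f["network"]} {" ".join(f["flags"])}')
    print("failover timeout:", timeout)
```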
