ASA asymmetric routing, it doesn't see the Syn/Ack backing then reset connec..
I have a topology where an ASA is the default gateway for the network.
There is a network the ASA knows via another router in the inside network.
Then when a host wants to reach this network and goes to the ASA, as it is the host's default gateway, the ASA sends the traffic coming from inside to a router also in inside.
When the traffic comes back from the destination, it comes from the WAN to this router (the one the ASA sent traffic to) and this router sends it directly to the host, not to the ASA, because this router already knows this host locally.
Then, as the ASA sees a TCP/SYN going to the destination but does not see a TCP/SYN/ACK coming back, it sends a TCP/RST to the destination.
How can I prevent it?
I'm using version 8.X, already tried to disable threat-detection basic....
Re: ASA asymmetric routing, it doesn't see the Syn/Ack backing then
Couple of things spring to mind
1) Change the default-gateway to be the internal router. This may or may not fit into your topology. Presumably the ASA is for Internet access? If so you could add a default-route on the internal router pointing to the ASA.
2) NAT the source IP address as it goes through the ASA to the ASA inside interface. Then the WAN router would have to send the return traffic back to the ASA.
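The handshake from the question, and the effect of option 2, as a simplified model. This is an added example, not part of the thread and not the ASA's own logic; the addresses, class and function names are constructed, and the firewall here simply stops forwarding a connection whose SYN/ACK it never saw.

```python
# Constructed addresses: inside host, ASA inside interface, remote server.
HOST, ASA_INSIDE, SERVER = "10.1.1.50", "10.1.1.1", "172.16.5.10"

class Firewall:
    """Toy stateful firewall: a packet passes only if it fits the next handshake step."""
    def __init__(self, hairpin_nat):
        self.hairpin_nat = hairpin_nat
        self.conns = {}   # (client, server) -> handshake state
        self.xlate = {}   # server -> real client (one flow per server in this toy)

    def from_host(self, src, dst, flags):
        key = (src, dst)
        if flags == "SYN":
            self.conns[key] = "SYN_SEEN"
        elif self.conns.get(key) != "SYNACK_SEEN":
            return None   # ACK with no SYN/ACK on record: out of state
        else:
            self.conns[key] = "ESTABLISHED"
        if self.hairpin_nat:              # option 2: source becomes the ASA inside IP
            self.xlate[dst] = src
            src = ASA_INSIDE
        return (src, dst, flags)

    def from_router(self, src, dst, flags):
        client = self.xlate.get(src, dst)  # undo the NAT
        if flags == "SYN/ACK" and self.conns.get((client, src)) == "SYN_SEEN":
            self.conns[(client, src)] = "SYNACK_SEEN"
        return (src, client, flags)

def router_return(fw, pkt):
    """Inside router: the host is on a connected subnet, so a reply addressed
    to the host goes straight to it; only a reply to the ASA IP reaches the ASA."""
    src, dst, flags = pkt
    if dst == ASA_INSIDE:
        return fw.from_router(src, dst, flags)
    return pkt

def handshake(hairpin_nat):
    fw = Firewall(hairpin_nat)
    syn = fw.from_host(HOST, SERVER, "SYN")
    synack = router_return(fw, (SERVER, syn[0], "SYN/ACK"))  # server replies to the source it saw
    ack = fw.from_host(HOST, SERVER, "ACK")
    return {"delivered_to": synack[1],
            "firewall_state": fw.conns[(HOST, SERVER)],
            "ack_forwarded": ack is not None}

if __name__ == "__main__":
    print("no NAT     :", handshake(False))
    print("hairpin NAT:", handshake(True))
```

In both runs the host receives the SYN/ACK; only with the source translated does the firewall also see it and move the connection to established.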