Cisco Support Community

New Member

asymmetric LAN routing through Firewall


This is a very complex problem.

Firewall      Router1.1.1.1----------

'                         '

'                         '

'                         '





PC( with gateway


PC wants to send traffic to

PC(>FW(> Router(>

Return traffic --> Router(> (through router using direct interface without going through firewall.

As the return traffic didn't go through the firewall, the TCP handshake was not completed, so it failed. It seems that when we build the session through the firewall, it adds something to the packet and reverts it on return, so connections built through the firewall whose return traffic reaches the source without going through the firewall get dropped at the source, as it's a different packet.

The same thing happens when initiates session to, initiated traffic goes to the PC without the firewall, and when the PC replies to the gateway firewall, the firewall drops it as the initiated session is not in the list.

Is there any solution for this problem? It seems very simple, but there is a lot of complexity involved.


Cisco Employee

Re: asymmetric LAN routing through Firewall

There are 2 options that you can configure:

Option 1) The more secure option --> change the PC default gateway from the ASA to the router. This will ensure that no asymmetric routing happens within your network. Then, if there are any specific routes that need to be sent towards the ASA firewall, you can configure specific routing on the router to point towards the ASA IP.

Option 2) The least secure option --> configure TCP bypass on ASA. Please find the following URL for your reference on the configuration:

Hope that helps.
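A sketch of the TCP state bypass configuration that Option 2 refers to, added here as an example and not taken from the thread or from the Cisco document it links to. The subnets, the object names and the `inside` interface name are placeholders, because the thread's real addresses are not shown; the point is to scope the bypass to the asymmetric flows only.

```cisco
! Added example: placeholder addresses and names, not values from this thread.
! 192.0.2.0/24    = placeholder for the PC subnet
! 198.51.100.0/24 = placeholder for the subnet reached via the router

! Match only the flows known to be asymmetric, in both directions.
! Avoid "permit tcp any any": every matched flow loses stateful TCP checks.
access-list ASYM_BYPASS extended permit tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
access-list ASYM_BYPASS extended permit tcp 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0

class-map ASYM_BYPASS_CLASS
 match access-list ASYM_BYPASS

policy-map ASYM_BYPASS_POLICY
 class ASYM_BYPASS_CLASS
  ! Matched TCP packets are accepted without a tracked three-way handshake.
  set connection advanced-options tcp-state-bypass

! Apply to the interface facing the PC and the router only, not globally.
service-policy ASYM_BYPASS_POLICY interface inside

! Assumption about this topology: if the traffic enters and leaves the ASA
! on the same interface, this is also required:
! same-security-traffic permit intra-interface

! Checks after applying:
!   show service-policy interface inside   (hit counts on the bypass class)
!   show conn                              (bypassed flows carry the "b" flag)
```

Interface ACLs still apply to bypassed flows, so keep the permitted source and destination ranges in the access rules as tight as the class-map match.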
