I have an interesting question. We are going to try and run equal-cost multi-pathing through a transparent firewall. There will be two routers on one side and two on the other, running EIGRP between them. The question is, if a packet leaves one port but the response comes back on a different port, would this cause issues?
When you run equal-cost multipath on the ASA, you will not get a return packet on a different port. It will not work in a round-robin fashion. The excerpt below from the Cisco document will clarify your doubt.
This document provides information on how to configure the Adaptive Security Appliance (ASA) with up to three equal cost routes to the same destination network per interface. The ASA hashes the source and destination IP addresses of the outbound packet to determine which route it will use to determine the next hop for the packet (the ASA does not employ a round-robin algorithm to choose the next hop). As opposed to round-robin load balancing, packets with the same source and destination pair are always sent towards the same next hop, as per the computed hash.
That is true with a firewall in routed mode. This firewall is in transparent mode; therefore, no routing is taking place on the firewall itself. The SYN would come in and leave on one set of interfaces (bridge group), but the SYN-ACK would return on another set of interfaces (a different bridge group).
I have built this in the lab and confirmed the ASA will drop the packet, breaking the connection.
I would like to know if there is any way around this?
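The failure discussed in this thread, modelled as an added example that is not part of any post or of Cisco's documentation: two routers pick an equal-cost link per flow by hashing the address pair, and a toy stateful firewall drops a SYN-ACK that returns through a different bridge group than the SYN. Assumptions: CRC32 and the seeds stand in for the routers' real hash, the addresses are constructed, and binding connection state to a bridge group is a simplification of the lab result reported above.

```python
import zlib

LINKS = 2  # two parallel paths, each through its own bridge group (0 or 1)
# Constructed sample flows: 16 inside clients talking to one outside server.
FLOWS = [(f"10.1.1.{i}", "192.0.2.10") for i in range(1, 17)]

def pick_link(src, dst, seed, symmetric=False):
    """Per-flow ECMP: hash the address pair, never round-robin.
    CRC32 and the seed are stand-ins, not any vendor's real hash."""
    a, b = sorted((src, dst)) if symmetric else (src, dst)
    return zlib.crc32(f"{seed}|{a}|{b}".encode()) % LINKS

class TransparentFirewall:
    """Toy stateful firewall: a connection is bound to the bridge group
    that carried its SYN (assumption, matching the lab result above)."""
    def __init__(self):
        self.conns = {}  # (client, server) -> bridge group of the SYN

    def syn(self, client, server, bg):
        self.conns[(client, server)] = bg
        return "allow"

    def syn_ack(self, server, client, bg):
        return "allow" if self.conns.get((client, server)) == bg else "drop"

def simulate(flows, symmetric=False):
    """Return (client, server, syn_bg, synack_bg) for every dropped SYN-ACK."""
    # Independent routers hash with different inputs; 'symmetric' models both
    # sides making a direction-independent choice with shared parameters.
    in_seed, out_seed = ("shared", "shared") if symmetric else ("inside", "outside")
    fw, dropped = TransparentFirewall(), []
    for client, server in flows:
        syn_bg = pick_link(client, server, in_seed, symmetric)
        ack_bg = pick_link(server, client, out_seed, symmetric)
        fw.syn(client, server, syn_bg)
        if fw.syn_ack(server, client, ack_bg) == "drop":
            dropped.append((client, server, syn_bg, ack_bg))
    return dropped

if __name__ == "__main__":
    for label, sym in (("independent hashes", False), ("symmetric hash", True)):
        bad = simulate(FLOWS, sym)
        print(f"{label}: {len(bad)}/{len(FLOWS)} handshakes broken")
        for client, server, syn_bg, ack_bg in bad:
            print(f"  {client} -> {server}: SYN on BG{syn_bg}, SYN-ACK on BG{ack_bg}")
```

In this model a handshake breaks exactly when the two directions of a flow land on different bridge groups, which is why per-flow hashing on each router does not by itself keep the return path on the same port.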