Can you please help me solve the following issue ...
I have a strange problem with routing UDP packets. Let me explain better:
I have 2 servers with IP addresses of, for example, 192.168.1.1 and 192.168.0.1 ... An application installed on them communicates with UDP packets on ports 1030, 1031, 1032 and 1033. Communication is bidirectional, in both ways. I have 2 ASA firewalls connecting (between) these 2 servers. I also have a backup IPsec VPN over the internet as a backup link. I do tracking of the routes for automatic switching to the backup. But I have a strange problem: one line from these, on port 1033, is OK, but for the other 3 ports (1030, 1031, 1032; source and destination IP addresses are the same) one of the 2 ASAs tries to put the packets of the non-working lines onto the backup line, and I get "Deny TCP reverse path check" on the other ASA, which is normal. I removed the backup line (tracking of interfaces), checked the static routes on both firewalls and they are pointing in the correct direction, but with no success. The question is, how is it possible for one line from these 4 to work and the other 3 not?
Situation: (The problem is on only one of the 2 firewalls)
1. 192.168.1.1:1030 <-----> 192.168.0.1:1030 ---- routed in the wrong direction, to the backup line (static route is pointing to the correct path)
2. 192.168.1.1:1031 <-----> 192.168.0.1:1031 ---- routed in the wrong direction, to the backup line (static route is pointing to the correct path)
3. 192.168.1.1:1032 <-----> 192.168.0.1:1032 ---- routed in the wrong direction, to the backup line (static route is pointing to the correct path)
4. 192.168.1.1:1033 <-----> 192.168.0.1:1033 ---- working OK, routing is where it should be.
How is this possible, that one UDP flow is routed correctly and the other ones are not?
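As an added diagnostic example (not code from the thread), the script below parses ASA "Built ... UDP connection" (302015) and "reverse path check" (106021) syslog messages and reports server pairs whose per-port UDP flows left through different egress interfaces, which is exactly the pattern in the situation list above. The sample log lines and the interface names `serial` and `vpn_backup` are constructed assumptions, not taken from the poster's firewalls.

```python
import re
from collections import defaultdict

# Constructed sample syslog in the standard 302015 / 106021 message formats;
# interface names 'serial' and 'vpn_backup' are assumed, not from the thread.
SAMPLE_LOG = """\
%ASA-6-302015: Built outbound UDP connection 1001 for inside:192.168.1.1/1033 (192.168.1.1/1033) to serial:192.168.0.1/1033 (192.168.0.1/1033)
%ASA-6-302015: Built outbound UDP connection 1002 for inside:192.168.1.1/1030 (192.168.1.1/1030) to vpn_backup:192.168.0.1/1030 (192.168.0.1/1030)
%ASA-6-302015: Built outbound UDP connection 1003 for inside:192.168.1.1/1031 (192.168.1.1/1031) to vpn_backup:192.168.0.1/1031 (192.168.0.1/1031)
%ASA-6-302015: Built outbound UDP connection 1004 for inside:192.168.1.1/1032 (192.168.1.1/1032) to vpn_backup:192.168.0.1/1032 (192.168.0.1/1032)
%ASA-1-106021: Deny udp reverse path check from 192.168.0.1 to 192.168.1.1 on interface vpn_backup
"""

BUILT_RE = re.compile(  # 302015: Built ... UDP connection N for in_if:src/sport (...) to out_if:dst/dport (...)
    r"Built (?:inbound|outbound) UDP connection \d+ for "
    r"(?P<in_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) \([\d.]+/\d+\) to "
    r"(?P<out_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\)"
)
RPF_RE = re.compile(  # 106021: Deny proto reverse path check from src to dst on interface X
    r"Deny (?P<proto>\w+) reverse path check from (?P<src>[\d.]+) "
    r"to (?P<dst>[\d.]+) on interface (?P<iface>[\w-]+)"
)

def parse_connections(log):
    """One dict per UDP connection the ASA built, with ingress and egress interface."""
    conns = []
    for m in filter(None, map(BUILT_RE.search, log.splitlines())):
        d = m.groupdict()
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        conns.append(d)
    return conns

def find_path_inconsistencies(conns):
    """For each (src, dst) host pair, report the pairs whose flows left through
    more than one egress interface, listing destination ports per interface."""
    by_pair = defaultdict(lambda: defaultdict(set))
    for c in conns:
        by_pair[(c["src"], c["dst"])][c["out_if"]].add(c["dport"])
    return {pair: {iface: sorted(ports) for iface, ports in ifaces.items()}
            for pair, ifaces in by_pair.items() if len(ifaces) > 1}

def parse_rpf_denies(log):
    """(proto, src, dst, iface) for every reverse-path-check denial in the log."""
    return [m.groups() for m in filter(None, map(RPF_RE.search, log.splitlines()))]

if __name__ == "__main__":
    for pair, ifaces in find_path_inconsistencies(parse_connections(SAMPLE_LOG)).items():
        print(f"{pair[0]} -> {pair[1]} split across egress interfaces: {ifaces}")
    for proto, src, dst, iface in parse_rpf_denies(SAMPLE_LOG):
        print(f"RPF denial: {proto} {src} -> {dst} arrived on {iface}")
```

Because 106021 carries no port numbers, only the 302015 connection records can tell which of the four ports was pinned to which interface; feed the script a log exported from the firewall that reports the denials.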
Thank you very, very much, problem solved, now all 4 connections seem OK.
But what will happen in the future, when I again set up route tracking and bring the internet VPN connection back as a backup solution?
What if the main serial link fails and the current UDP flow needs to be rerouted automatically to the backup link?
Please note that the current application sends a lot of UDP packets, several every second.... Will it work OK?
I mean, if the main serial link fails and route tracking automatically adds the backup "floating" route as active, will the current UDP flow and create another one over the backup VPN? I don't want this to happen again and it's very important to me that this application is OK with all 4 connections between these 2 servers regardless of which physical connection is up, either serial or backup VPN over the internet, so can you please explain the logic behind it?
If you have configured something like the above, then the traffic will be routed to the VPN interface (where you are terminating your VPN) irrespective of your static route. You need to remove that line for it to work properly.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...