i have an odd problem with routing traffic between two ASAs in two different locations. i have two locations with a site-to-site T1 in between. in both locations i have ASA5510s and on both ASAs i have the following interfaces:
outside -> external interface
inside -> LAN
ptp -> interface for site-to-site T1
location A has LAN with subnet 192.168.0.0 /24 and location B has LAN with subnet 10.10.20.0 /24. i'm at location A and i can reach every host at location B. also hosts from location B can reach hosts at location A so i know the routing is working. however at location A i have a host 192.168.0.19 that needs to talk to host 10.10.20.19 at location B on UDP port 50795 and that traffic never gets across. there are no access lists that would block the traffic. the really odd part is that i can capture packets on inside interface that match the criteria and see that host 192.168.0.19 is sending packets to 10.10.20.19, but when i try and capture packets on the ptp interface i see nothing BUT (!!!) if i try and capture packets on the outside interface i see them!!!
here is my access list that i use to capture traffic:
access-list cap2 line 1 extended permit udp any host 192.168.0.19 eq 50795
access-list cap2 line 2 extended permit udp host 192.168.0.19 eq 50795 any
here is my capture on inside interface (location A):
capture cap2 type raw-data access-list cap2 interface inside real-time
the exact same thing is happening on location B. i can see the capture on inside interface and verify that host 10.10.20.19 is sending packets to host 192.168.0.19 on port 50795 but i don't capture any of these packets on the ptp interface - instead i capture them on the outside interface! both hosts 192.168.0.19 and 10.10.20.19 are Avaya phone systems so i cannot try sending other type of traffic between two hosts but i can see that there is a lot of UDP traffic between 192.168.0.19 and 10.10.20.18 (which is a voicemail server) so i know that 192.168.0.19 can reach location B but for some reason traffic to 10.10.20.19 is sent to the outside interface.
any help, suggestions or comments are welcome as i have been working on this for the last two days and i can't get my head around this.
Re: asa5510 - problem with routing traffic (i think)
there are two routers in between two ASAs used to "terminate" site-to-site T1s on each end. but there is nothing on those routers that would prevent traffic from going across. there are no static routes and no access-lists. and since all of my routing is done on subnet basis (no host to host routes) i don't get it why would traffic from 192.168.0.19 to 10.10.20.18 be sent through correct interface and traffic from 192.168.0.19 to 10.10.20.19 be sent somewhere else. to make things worse all this worked until i had power outage at location B....