Cisco Support Community
Community Member

asym routing problem on asa5500


I have an ASA5500 that used to be the core router/firewall, and I am in the process of moving the non-internet-facing routing/firewall away from it.

I have come across an issue with what seems to be an asym routing problem.

vlan67 is my WAN vlan (basically a bonded pair of ports on a switch to an L2 connection between sites).

I am using OSPF and vlan67 is area at the other end is a pair of routers handling OSPF and routing in that DC

at my DC with the ASA I have

vlan 68 - this is my internal vlan which is the interconnect with my main DC internal routers again with OSPF

ASA5500 -> -> router A

router A is the DGW for network and publishes this via network

The is a management network .. I have VMware VC here and other management box and iLO, DRACs etc....

I also tried to place the management port of the ASA5500 on here so (& ... it's a cluster)

I have a tftp server on  when I am on console on the ASA5500 and run copy running tftp://<filename> it sometimes fails.

it seems like it wants to send via OSPF route... so it has 2 paths to 1 via the direct connect management 0/0 (I tried this as a vlan on off one of the 1G ports as well) and 1 via

That really should be a problem I did think, but I saw no errors in the log I saw no packets on the network ! the tftp would fail ... or work with an empty file

The other annoying thing is that the VC couldn't connect to any ESX hosts in the second data center. I believe the path was

outgoing -> ..(routerA).. -> (asa5500) -> (other DC)


(other DC) -> (ASA5500) -> the ASA knows about the directly connected path and I think it's having issues with that. But again no error messages in the log!

So I am stuck ... I do have plans on bringing the WAN interface over to router A, but I want to make sure it's an issue with the ASA5500 and I would like to understand what the issue is... Why did the tftp fail!


Is this the right forum ???
