Cisco Support Community

New Member

Question about firewalling for asymmetric routing

Hi, there. I'm Daniel KY SEO.

I have a question about firewalling for asymmetric routing.

Our client has an asymmetric routing topology like the attached PPT file. We recommended that our client change the routing information of the server.

But they rejected our proposal because of several complicated issues. And they also said, “This topology is possible on Juniper (Netscreen) and Nokia firewalls. Why not Cisco PIX?”

Are there any options on PIX to resolve these issues? I wanna know any options on PIX. What should I do?

Doesn’t anyone know the issues?

Help me!!! Please.

Best Regards,

From Korea, republic of.

3 REPLIES

Re: Question about firewalling for asymmetric routing

Hello,

Right now, with Version 7.0, you can have two PIX firewalls connected together and working in Active-Active mode, thus allowing asymmetric routing on the network. Without this, I am afraid it is not possible. A single firewall will not support asymmetric routing. You can probably bypass the firewall for such traffic.

Hope this helps.. rate replies if found useful...

Raj

New Member

Re: Question about firewalling for asymmetric routing

Thanks for your reply. But the Ack+Syn packets which the server sends to the client don't pass through the firewall, as in the attached file. So it is different from the A-A mode issue.

How can I bypass the firewall for such traffic?

Let me know about your thinking in detail.

Regards,

Daniel

New Member

Re: Question about firewalling for asymmetric routing

Hi Daniel,

The key problem you are facing is that the PIX firewall cannot maintain connection state due to asymmetric routing. However, you can change your firewall to transparent mode (available in version 7.0) and move all the L3 services (e.g. routing, NAT) from the existing firewall to other L3 equipment (e.g. a router).
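
An added illustration, not part of any poster's reply and not PIX's actual inspection code: a simplified handshake tracker showing why the client's final ACK is dropped when the server's SYN+ACK takes a path around the firewall, as described in this thread. The addresses, class and function names are constructed for the example.

```python
# Simplified model of stateful TCP handshake tracking (assumption: real
# firewalls also track sequence numbers, timeouts and ports; omitted here).
from dataclasses import dataclass

SYN, ACK = "S", "A"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: frozenset

class StatefulFirewall:
    def __init__(self):
        # (client, server) -> "SYN_SEEN" | "SYNACK_SEEN" | "ESTABLISHED"
        self.state = {}

    def inspect(self, pkt):
        fwd, rev = (pkt.src, pkt.dst), (pkt.dst, pkt.src)
        if pkt.flags == {SYN}:
            self.state[fwd] = "SYN_SEEN"
            return "pass"
        if pkt.flags == {SYN, ACK} and self.state.get(rev) == "SYN_SEEN":
            self.state[rev] = "SYNACK_SEEN"
            return "pass"
        if pkt.flags == {ACK}:
            # The final ACK is only valid if the SYN+ACK was observed.
            if self.state.get(fwd) == "SYNACK_SEEN":
                self.state[fwd] = "ESTABLISHED"
            if "ESTABLISHED" in (self.state.get(fwd), self.state.get(rev)):
                return "pass"
        return "drop"

CLIENT, SERVER = "10.0.0.10", "192.0.2.20"  # constructed sample addresses
HANDSHAKE = [
    Packet(CLIENT, SERVER, frozenset({SYN})),
    Packet(SERVER, CLIENT, frozenset({SYN, ACK})),
    Packet(CLIENT, SERVER, frozenset({ACK})),
]

def simulate_handshake(visible_to_firewall):
    """Return the verdict per packet; 'bypassed' = routed around the firewall."""
    fw = StatefulFirewall()
    return [fw.inspect(p) if seen else "bypassed"
            for p, seen in zip(HANDSHAKE, visible_to_firewall)]

if __name__ == "__main__":
    print("symmetric :", simulate_handshake([True, True, True]))
    print("asymmetric:", simulate_handshake([True, False, True]))
```
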
