Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
313
Views
0
Helpful
1
Replies

Asymmetric routing problem on ASA with mutiple public interfaces

Brian M
Level 1
Level 1

‎02-03-2009 07:08 PM - edited ‎03-04-2019 01:05 AM

I have an ASA with 2 public interfaces (2 IP blocks) and I am having quite a bit of trouble getting the routing to work correctly.

Here is a scenario:

ASA has 2 Internet facing interfaces 1.1.1.254 and 2.2.2.254

There is a downstream BGP router with interfaces 1.1.1.1 and 2.2.2.1

The default route on the ASA is to 1.1.1.1

If a user from, let's say 3.3.3.3 tries to ping 1.1.1.254 he gets a reply. But if he tries to ping 2.2.2.254 the request times out. The BGP router can ping both interfaces just fine.

If I add a static route on the ASA 'route {SecondINT} 3.3.3.3 255.255.255.255 2.2.2.1 ' then the user can ping the 2.2.2.254 interface.

The problem I'm having is the request is actually getting to the ASA but it's sending it back out the wrong interface (due to the default route). How do I get the traffic to exit the same interface it came in on?

I know this is not a hairpin problem and same-security inter/intra will not fix this issue. This is a routing issue and since the ASA doesn't support “default next-hop” in a route-map I can't figure out how to fix it.

Any ideas?

Thanks!!!

Labels:
0 Helpful
1 Reply 1

celiocarreto
Level 1
Level 1

‎02-04-2009 06:48 AM

Hi,

in my opinion there is no way to solve this. I had such a client and couldn't find a solution.

Regards, Celio

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card