I have an ASA with 2 public interfaces (2 IP blocks) and I am having quite a bit of trouble getting the routing to work correctly.
Here is a scenario:
ASA has 2 Internet facing interfaces 1.1.1.254 and 2.2.2.254
There is a downstream BGP router with interfaces 1.1.1.1 and 2.2.2.1
The default route on the ASA is to 1.1.1.1
If a user from, let's say 3.3.3.3 tries to ping 1.1.1.254 he gets a reply. But if he tries to ping 2.2.2.254 the request times out. The BGP router can ping both interfaces just fine.
If I add a static route on the ASA 'route {SecondINT} 3.3.3.3 255.255.255.255 2.2.2.1 ' then the user can ping the 2.2.2.254 interface.
The problem I'm having is the request is actually getting to the ASA but it's sending it back out the wrong interface (due to the default route). How do I get the traffic to exit the same interface it came in on?
I know this is not a hairpin problem and same-security inter/intra will not fix this issue. This is a routing issue and since the ASA doesn't support "default next-hop" in a route-map I can't figure out how to fix it.
Any ideas?
Thanks!!!
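To make the behaviour described above concrete, here is an added Python model of the ASA's route lookup (this is illustrative code written for this page, not the poster's configuration or any Cisco software). It assumes interface names "outside1" (the 1.1.1.0/24 side) and "outside2" (the 2.2.2.0/24 side), which the post does not give, and models forwarding purely as a longest-prefix match on the destination, which is why the reply to 3.3.3.3 leaves via the default route until a more specific host route points it back out the second interface.

```python
import ipaddress

# Constructed routing table modelled on the post. Interface names are
# assumptions; the addresses (1.1.1.254 / 2.2.2.254 on the ASA, 1.1.1.1 /
# 2.2.2.1 on the BGP router, client 3.3.3.3) come from the post itself.
CONNECTED = {
    "outside1": ipaddress.ip_network("1.1.1.0/24"),
    "outside2": ipaddress.ip_network("2.2.2.0/24"),
}

# A route is (prefix, next_hop, egress_interface); next_hop None = connected.
def base_routes():
    return [
        (CONNECTED["outside1"], None, "outside1"),
        (CONNECTED["outside2"], None, "outside2"),
        # "The default route on the ASA is to 1.1.1.1"
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("1.1.1.1"), "outside1"),
    ]

def host_route_for_client():
    # Equivalent of the poster's: route <SecondINT> 3.3.3.3 255.255.255.255 2.2.2.1
    return (ipaddress.ip_network("3.3.3.3/32"), ipaddress.ip_address("2.2.2.1"), "outside2")

def lookup(routes, dst):
    """Longest-prefix match: the most specific route whose prefix contains dst."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)

def ingress_interface(target):
    """The interface a packet to one of the ASA's own addresses arrives on:
    the one whose connected subnet holds the target address."""
    target = ipaddress.ip_address(target)
    for name, net in CONNECTED.items():
        if target in net:
            return name
    return None

def echo_reply_path(routes, client, target):
    """Simulate: `client` pings `target` (an ASA interface address).
    Returns (ingress, egress, symmetric). The reply's egress is chosen only
    by looking up the client's address, exactly as the post describes: the
    ingress interface plays no part in the decision."""
    ingress = ingress_interface(target)
    route = lookup(routes, client)
    egress = route[2] if route else None
    return ingress, egress, ingress == egress

if __name__ == "__main__":
    client = "3.3.3.3"
    print("default route only:")
    for tgt in ("1.1.1.254", "2.2.2.254"):
        print(f"  ping {tgt}: in/out/symmetric =", echo_reply_path(base_routes(), client, tgt))
    print("with /32 host route via 2.2.2.1:")
    routes = base_routes() + [host_route_for_client()]
    for tgt in ("1.1.1.254", "2.2.2.254"):
        print(f"  ping {tgt}: in/out/symmetric =", echo_reply_path(routes, client, tgt))
```

Running it shows the asymmetry from the post: with only the default route, a ping to 2.2.2.254 arrives on outside2 but the reply is routed out outside1 toward 1.1.1.1; adding the /32 toward 2.2.2.1 makes the reply take outside2. Note that the same host route then also drags replies to pings of 1.1.1.254 out outside2, so a per-client host route only moves the asymmetry rather than removing it.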