Cisco Support Community
New Member

Asymmetric routing problem on ASA with multiple public interfaces

I have an ASA with 2 public interfaces (2 IP blocks) and I am having quite a bit of trouble getting the routing to work correctly.

Here is a scenario:

ASA has 2 Internet facing interfaces 1.1.1.254 and 2.2.2.254

There is a downstream BGP router with interfaces 1.1.1.1 and 2.2.2.1

The default route on the ASA is to 1.1.1.1

If a user from, let's say, 3.3.3.3 tries to ping 1.1.1.254, he gets a reply. But if he tries to ping 2.2.2.254, the request times out. The BGP router can ping both interfaces just fine.

If I add a static route on the ASA, 'route {SecondINT} 3.3.3.3 255.255.255.255 2.2.2.1', then the user can ping the 2.2.2.254 interface.

The problem I'm having is the request is actually getting to the ASA but it's sending it back out the wrong interface (due to the default route). How do I get the traffic to exit the same interface it came in on?

I know this is not a hairpin problem and same-security inter/intra will not fix this issue. This is a routing issue and since the ASA doesn't support “default next-hop” in a route-map I can't figure out how to fix it.

Any ideas?

Thanks!!!
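
The behaviour described in the post above, modelled as a destination-only longest-prefix-match lookup. This is an added example, not code from the poster or from Cisco; the interface names `FirstINT`/`SecondINT` and the /24 masks are assumptions, and the addresses are the ones given in the post.

```python
import ipaddress

# Constructed model of the poster's ASA. Interface names and the /24 masks
# are assumptions; the addresses are the ones given in the post.
CONNECTED = {"FirstINT": "1.1.1.0/24", "SecondINT": "2.2.2.0/24"}
INTERFACE_IP = {"FirstINT": "1.1.1.254", "SecondINT": "2.2.2.254"}
DEFAULT_ROUTE = ("0.0.0.0/0", "FirstINT", "1.1.1.1")
HOST_ROUTE = ("3.3.3.3/32", "SecondINT", "2.2.2.1")  # the static route from the post


def build_table(static_routes):
    """Return [(network, interface, next_hop)] from connected plus static routes."""
    table = [(ipaddress.ip_network(net), ifc, None) for ifc, net in CONNECTED.items()]
    table += [(ipaddress.ip_network(net), ifc, hop) for net, ifc, hop in static_routes]
    return table


def lookup(table, dst):
    """Destination-only longest-prefix match; the source interface plays no part."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def return_path(table, src, pinged_ip):
    """Compare the interface a ping arrived on with the one its reply leaves by."""
    ingress = next(ifc for ifc, ip in INTERFACE_IP.items() if ip == pinged_ip)
    route = lookup(table, src)
    egress = route[1] if route else None
    return {"ingress": ingress, "egress": egress, "symmetric": ingress == egress}


if __name__ == "__main__":
    for label, statics in (("default route only", [DEFAULT_ROUTE]),
                           ("with host route", [DEFAULT_ROUTE, HOST_ROUTE])):
        table = build_table(statics)
        for target in ("1.1.1.254", "2.2.2.254"):
            print(label, target, return_path(table, "3.3.3.3", target))
```

In this model the host route makes the reply to a ping of 2.2.2.254 symmetric, but the same lookup then sends replies to 3.3.3.3 out `SecondINT` when it pings 1.1.1.254, so the asymmetry moves rather than disappears.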

1 REPLY
New Member

Re: Asymmetric routing problem on ASA with multiple public interf

Hi,

In my opinion, there is no way to solve this. I had such a client and couldn't find a solution.

Regards, Celio
