https://community.cisco.com/t5/network-security/asa-routing-oddity-help/m-p/3074267#M136239 <P>Need a hand here trying to figure out an odd situation.</P> <P>I have 2 ASAs directly connected to each other at Site A and Site B. I have site to site vpns terminating at Site A. Remote sites communicate with networks inside Site A (172.25.0.0/16). Every once in a while, I notice that my MAN connection between the 2 firewalls is saturated with 20Mb/s of traffic in each direction. It seems that Site A ASA is sending traffic from the site to site destined for 172.25.x.x towards Site B. Then site B turns around and sends the traffic back to Site A, Site A ASA then sends back to Site B. Routing ping pong? This repeats itself over and over again. Routing tables are correct in each device. Site A 5516-x should be sending traffic destined to 172.25.4.x to vlan4 interface, not GRN interface. I have no idea why this is happening.</P> <P></P> <P>(outside vpns, 172.16.x.x)</P> <P>Site A 5516-x (GRN interface 172.27.10.17) &lt;--------------------&gt; Site B 5510 (177 interface 172.27.10.18)</P> <P>(inside vlans, 172.25.0.0/16)</P> <P></P> <P><SPAN style="text-decoration: underline;"><STRONG>Site A sho conn</STRONG></SPAN></P> <P><BR />ICMP <STRONG>GRN</STRONG> 172.16.10.246:1 <STRONG>GRN</STRONG>&nbsp; 172.25.4.40:0, idle 0:00:00, bytes 41602656, flags X<BR />this would also show the UDP connection shown below in Site B, but I deleted this connection (actually had to shun the ip and delete the conn as it kept reappearing)</P> <P></P> <P><STRONG><SPAN style="text-decoration: underline;">Site A sho route</SPAN></STRONG><BR />C&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>172.25.4.0</STRONG> 255.255.255.0 <STRONG>is directly connected, vlan4</STRONG></P> <P></P> <P><SPAN style="text-decoration: underline;"><STRONG>Site B sho conn</STRONG></SPAN></P> <P><SPAN style="text-decoration: underline;"><STRONG></STRONG></SPAN></P> <P>ICMP <STRONG>177</STRONG> 172.16.10.246:1 <STRONG>177 172.25.4.40</STRONG>:0, idle 0:00:00, bytes 9644640</P> <P>UDP <STRONG>177</STRONG> 172.16.9.5:161 <STRONG>177 172.25.4.20</STRONG>:60393, idle 0:00:00, bytes 2553741606, flags -</P> <P></P> <P><SPAN style="text-decoration: underline;"><STRONG>Site B sho route</STRONG></SPAN></P> <P>R&nbsp;&nbsp;&nbsp; <STRONG>172.25.4.0</STRONG> 255.255.255.0 [120/1] via <STRONG>172.27.0.17, 0:00:21, 177</STRONG></P> Tue, 12 Mar 2019 09:15:36 GMT acomiskey 2019-03-12T09:15:36Z https://community.cisco.com/t5/network-security/asa-routing-oddity-help/m-p/3074267#M136239 <P>Need a hand here trying to figure out an odd situation.</P> <P>I have 2 ASAs directly connected to each other at Site A and Site B. I have site to site vpns terminating at Site A. Remote sites communicate with networks inside Site A (172.25.0.0/16). Every once in a while, I notice that my MAN connection between the 2 firewalls is saturated with 20Mb/s of traffic in each direction. It seems that Site A ASA is sending traffic from the site to site destined for 172.25.x.x towards Site B. Then site B turns around and sends the traffic back to Site A, Site A ASA then sends back to Site B. Routing ping pong? This repeats itself over and over again. Routing tables are correct in each device. Site A 5516-x should be sending traffic destined to 172.25.4.x to vlan4 interface, not GRN interface. I have no idea why this is happening.</P> <P></P> <P>(outside vpns, 172.16.x.x)</P> <P>Site A 5516-x (GRN interface 172.27.10.17) &lt;--------------------&gt; Site B 5510 (177 interface 172.27.10.18)</P> <P>(inside vlans, 172.25.0.0/16)</P> <P></P> <P><SPAN style="text-decoration: underline;"><STRONG>Site A sho conn</STRONG></SPAN></P> <P><BR />ICMP <STRONG>GRN</STRONG> 172.16.10.246:1 <STRONG>GRN</STRONG>&nbsp; 172.25.4.40:0, idle 0:00:00, bytes 41602656, flags X<BR />this would also show the UDP connection shown below in Site B, but I deleted this connection (actually had to shun the ip and delete the conn as it kept reappearing)</P> <P></P> <P><STRONG><SPAN style="text-decoration: underline;">Site A sho route</SPAN></STRONG><BR />C&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <STRONG>172.25.4.0</STRONG> 255.255.255.0 <STRONG>is directly connected, vlan4</STRONG></P> <P></P> <P><SPAN style="text-decoration: underline;"><STRONG>Site B sho conn</STRONG></SPAN></P> <P><SPAN style="text-decoration: underline;"><STRONG></STRONG></SPAN></P> <P>ICMP <STRONG>177</STRONG> 172.16.10.246:1 <STRONG>177 172.25.4.40</STRONG>:0, idle 0:00:00, bytes 9644640</P> <P>UDP <STRONG>177</STRONG> 172.16.9.5:161 <STRONG>177 172.25.4.20</STRONG>:60393, idle 0:00:00, bytes 2553741606, flags -</P> <P></P> <P><SPAN style="text-decoration: underline;"><STRONG>Site B sho route</STRONG></SPAN></P> <P>R&nbsp;&nbsp;&nbsp; <STRONG>172.25.4.0</STRONG> 255.255.255.0 [120/1] via <STRONG>172.27.0.17, 0:00:21, 177</STRONG></P> Tue, 12 Mar 2019 09:15:36 GMT https://community.cisco.com/t5/network-security/asa-routing-oddity-help/m-p/3074267#M136239 acomiskey 2019-03-12T09:15:36Z https://community.cisco.com/t5/network-security/asa-routing-oddity-help/m-p/3074268#M136240 <P>Could you please attach the running config from side A. It could be a some overlapping crypto map or NAT config that might be causing it. Also, attach show route from ASA A.</P> <P></P> <P>-</P> <P>AJ</P> Mon, 24 Apr 2017 20:05:36 GMT https://community.cisco.com/t5/network-security/asa-routing-oddity-help/m-p/3074268#M136240 Ajay Saini 2017-04-24T20:05:36Z https://community.cisco.com/t5/network-security/asa-routing-oddity-help/m-p/3074269#M136241 <P>Hi Aj, thanks for the response. I will have to do some sanitizing. I'll try to get it up tomorrow.</P> Mon, 24 Apr 2017 20:09:42 GMT https://community.cisco.com/t5/network-security/asa-routing-oddity-help/m-p/3074269#M136241 acomiskey 2017-04-24T20:09:42Z