https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056557#M399626 <HTML><HEAD></HEAD><BODY><P>Hello Hamood,</P><P></P><P>This is the expected behavior of a security firewall as he is seeing an asymetric flow ( Routing issue)</P><P></P><P>The work around is the TCP state bypass policy,</P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml</A></P><P></P><P><STRONG>Rate all the answers, for the community that is as important as a thanks</STRONG></P><P></P><P></P><P></P><P>Regards,</P><P></P><P>Juliio</P></BODY></HTML> Fri, 07 Sep 2012 17:45:58 GMT Julio Carvajal 2012-09-07T17:45:58Z https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056556#M399625 <P>Hello Support Community,</P><P></P><P>We are in the process of setting up a DR site. DR site has network up and running and can talk to internet and the corporate site. Corporate site however can not talk to the DR site because the ASA at the DR site drops the TCP ACK SYN because the SYN from Corp does not go through the DR ASA. DR ASA sees the ACK SYN because it is the default gateway of DR servers. Please see the simplified diagram.</P><P></P><P>Any suggestions? Thanks.</P> Mon, 11 Mar 2019 23:51:30 GMT https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056556#M399625 Hamood Rehman 2019-03-11T23:51:30Z https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056557#M399626 <HTML><HEAD></HEAD><BODY><P>Hello Hamood,</P><P></P><P>This is the expected behavior of a security firewall as he is seeing an asymetric flow ( Routing issue)</P><P></P><P>The work around is the TCP state bypass policy,</P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml</A></P><P></P><P><STRONG>Rate all the answers, for the community that is as important as a thanks</STRONG></P><P></P><P></P><P></P><P>Regards,</P><P></P><P>Juliio</P></BODY></HTML> Fri, 07 Sep 2012 17:45:58 GMT https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056557#M399626 Julio Carvajal 2012-09-07T17:45:58Z https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056558#M399628 <HTML><HEAD></HEAD><BODY><P> My preferred method would be to bring the routing at the DR site down to the switch if that point to point link is your preferred&nbsp; connection.&nbsp; Or, you could figure out a way to send Corp-To-DR traffic over your VPN tunnel.</P></BODY></HTML> Fri, 07 Sep 2012 19:51:36 GMT https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056558#M399628 edatwyler 2012-09-07T19:51:36Z https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056559#M399630 <HTML><HEAD></HEAD><BODY><P> Thanks, </P><P></P><P>We decided to replace the 2960 at DR with a 3750 and change the DG on DR servers to the 3750. But that means travelling to DR site (5 Hours!), so in the meantime I will configure TCP Bypass and see how it goes.</P><P>We plan on configuring the VPN later as a back up.</P><P></P><P>Thanks again for suggestions, good info.</P></BODY></HTML> Tue, 11 Sep 2012 15:40:09 GMT https://community.cisco.com/t5/network-security/no-link-between-devices-on-the-inside-interface/m-p/2056559#M399630 Hamood Rehman 2012-09-11T15:40:09Z