Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5836
Views
5
Helpful
3
Replies

Allow Asymmetric Routing on ASA

Ronit Bhattacharjee
Level 1
Level 1

‎12-03-2020 05:06 AM

We have a situation as the attached image.Firewall Asymmetric.jpg

Forward flow : Traffic comes in on Port 1 and leaves Port 3

Reverse flow : Traffic comes in on Port 3 and leaves Port 2

 

As you see, there's asymmetry here and the ASA is dropping this flow. Is there a way to override this behavior and excuse this traffic using any commands?

0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎12-03-2020 05:13 AM

Hi @Ronit Bhattacharjee 

Try TCP state bypass, example here.

 

HTH

0 Helpful

Karsten Iwen
VIP
VIP

‎12-03-2020 05:15 AM

First I would try everything to change the network implementation to remove the asymetry. If that all does not work, you can configure state bypass on the ASA. I would always see that as the last resort.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111986-asa-tcp-bypass-00.html

ngkin2010
Level 7
Level 7

‎12-04-2020 09:01 AM

Since the asymmetry route is happening on the same ASA, you may consider to configure a traffic zone to 'bundle' port1 & port2.

 

 

 

Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/interface-zones.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card