04-24-2007 05:19 AM - edited 03-11-2019 03:03 AM
I have a temporary situation where I need to allow traffic where both tx and rx do not take the same path.
Sometimes the originating traffic will go through the ASA, and sometimes the return traffic will go through the ASA.
Please don't tell me that I need to create two-way rules! Please tell me that there is a magical one-liner or a checkbox somewhere to allow this.
05-03-2007 05:59 AM
To my knowledge, only in BGP can you set the rules in a policy map for applying the rules for its attributes. In PIX, other than an access list to apply the rules on the interface may end up with your solution.
05-03-2007 07:16 AM
Here's what it takes to allow out-of-state traffic (or asymmetrical routing, as I've seen Cisco refer to it).
static (
failover timeout -1
Example
static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed
static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed
failover timeout -1
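Since the original poster describes this as a temporary situation, the following is an added example (not part of the thread or of any Cisco tooling) of a small audit script that finds the lines from the post in a saved configuration so they can be removed afterwards. The sample configuration is constructed from the commands quoted above plus one made-up ordinary static, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample: the two statics and the failover line from the post,
# plus one ordinary static (made up) that should not be flagged.
SAMPLE_CONFIG = """\
static (server-net-a,server-net-b) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 norandomseq nailed
static (server-net-b,server-net-a) 10.0.1.0 10.0.1.0 netmask 255.255.255.0 norandomseq nailed
static (inside,outside) 192.0.2.10 10.0.2.10 netmask 255.255.255.255
failover timeout -1
"""

# static (real_if,mapped_if) mapped_ip real_ip [netmask ...] [options]
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<mapped>\S+)\s+(?P<real>\S+)(?P<rest>.*)$"
)
RISKY_OPTIONS = {
    "nailed": "accepts TCP traffic without a matching connection entry",
    "norandomseq": "turns off TCP initial sequence number randomization",
}
FAILOVER_RE = re.compile(r"failover\s+timeout\s+-1")


def audit(config_text):
    """Return (line_no, line, reasons) for each line that relaxes state checks."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        reasons = []
        m = STATIC_RE.match(line)
        if m:
            opts = m.group("rest").lower().split()
            reasons = [f"{o}: {why}" for o, why in RISKY_OPTIONS.items() if o in opts]
        elif FAILOVER_RE.fullmatch(line):
            reasons = ["failover timeout -1: reconnect timeout for nailed sessions is disabled"]
        if reasons:
            findings.append((no, line, reasons))
    return findings


if __name__ == "__main__":
    for no, line, reasons in audit(SAMPLE_CONFIG):
        print(f"line {no}: {line}")
        for r in reasons:
            print(f"    - {r}")
```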