Hi Team,
I have an ASA failover bundle for one of the projects and need one clarification about the reverse route.
1. Before the ASA I have an L3 3560 installed where three L3 VLANs are created. Each SVI has the following IPs.
SVI1: 192.168.1.1
SVI2: 192.168.2.1
SVI3: 192.168.3.1
2. The firewall is connected to the SVI1 interface and 192.168.1.5 is assigned to the firewall.
So now, in order for the other subnets to communicate with the firewall, I should have reverse routes as below.
route inside 192.168.2.0 255.255.255.0 192.168.1.1
route inside 192.168.3.0 255.255.255.0 192.168.1.1
Today I had some issues with one of the VLANs, i.e. VLAN 3 is not able to connect to applications which are after the firewall. When I checked the reverse route for that subnet, I noticed the entry below.
route inside 192.168.3.0 255.255.255.0 192.168.3.1
When I changed the next hop to 192.168.1.1, it started working.
Up to here, this is very much expected behavior.
*** Key thing to notice: I have verified the backup firewall configuration for a couple of months and noticed the reverse route for 192.168.3.0/24 is pointed to 192.168.3.1 only, and none of the team complained about a connectivity issue. I am confused here about how this worked until now.
Note: we upgraded IOS from 8.3 to 8.4 and then to 9.1.7. 3 hours after the upgrade we got this issue.
Can someone please explain how it was working for the last 3 years?
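A check for the condition described in the post above, as an added example that is not part of the original post: it flags ASA `route` statements whose next hop is not an address on the named interface's connected subnet. The sample config is constructed from the post's addresses; the /24 mask on the inside interface, the interface name `GigabitEthernet0/1`, and the function names are assumptions.

```python
import ipaddress

# Constructed sample based on the addresses in the post. The /24 mask on the
# inside interface is an assumption; the post gives only the address.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.1.5 255.255.255.0
route inside 192.168.2.0 255.255.255.0 192.168.1.1
route inside 192.168.3.0 255.255.255.0 192.168.3.1
"""

def connected_networks(config):
    """Map each nameif to the subnet configured on that interface."""
    nets, nameif = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            nameif = None                      # new interface block starts
        elif words[:1] == ["nameif"] and len(words) == 2:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif and len(words) >= 4:
            nets[nameif] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
    return nets

def off_link_routes(config):
    """Return (destination, next_hop, reason) for static routes whose next hop
    is not an address on the named interface's connected subnet."""
    nets, findings = connected_networks(config), []
    for line in config.splitlines():
        words = line.split()
        if words[:1] != ["route"] or len(words) < 5:
            continue
        ifname, dest, mask, hop = words[1:5]
        network = ipaddress.ip_network(f"{dest}/{mask}")
        next_hop = ipaddress.ip_address(hop)
        if ifname not in nets:
            findings.append((str(network), hop, f"no address found for interface {ifname}"))
        elif next_hop not in nets[ifname]:
            findings.append((str(network), hop, f"next hop is outside {nets[ifname]}"))
    return findings

if __name__ == "__main__":
    for dest, hop, reason in off_link_routes(SAMPLE_CONFIG):
        print(f"route to {dest} via {hop}: {reason}")
```

Running the same check against the primary and the backup unit's saved configurations shows whether both carry the same off-link entry.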