I need help please!
We have an ASA firewall with multiple VLAN's configured. It is an old environment where we have servers configured with multiple NIC's with different IP addresses all in different subnets. We have a desktop VLAN, on the same ASA, with multiple VM desktops that need to connect to each interface of the server.
As the server only has one default gateway, we have enabled TCP state bypass on the firewall to allow asymmetric routing.
Here is a quick break down...
Server:
NIC1 / VLAN 100 / 192.168.100.4/24
NIC2 / VLAN 41 / 192.168.4.9/24 - Default Gateway of 192.168.4.1
The desktop is on VLAN 517 with IP 192.168.127.151/24
At the moment the desktop is only able to connect to the interface with the default gateway on (192.168.4.9)
When we try and connect to the other IP address (192.168.100.4) it fails. I see the logs showing that it has created a TC state bypass connection but then it is following with a "routing failed to locate next hop" message.
Here is an example of the logs on the ASA when I try to SSH to NIC1...
1/ Built TCP state-bypass connection 234566 from VL100:192.168.100.4/22 to VL517:192.168.127.151/1412
2/ Built TCP state-bypass connection 123455 from VL517:192.168.127.151/1412 to VL41/192.168.100.4/22
3/ Failed to locate next hop for TCP from VL517:192.168.127.151/1412 to VL41:192.168.100.4/22
Notice in the 2nd log entry it shows VLAN 41 but the IP address of VLAN 100. Same applies to the destination VLAN/IP on entry 3.
No idea what is going on as they are all connected interfaces so it shouldn't have to route anywhere!
Any help would be appreciated!