04-19-2022 08:42 AM - edited 05-02-2022 03:30 AM
04-20-2022 12:44 PM
First step in troubleshooting: check ACL/NAT and the Out interface.
asa# packet-tracer input Interface tcp x.x.x.x 12345 y.y.y.y 80 detail
Run packet-tracer; select the interface and x.x.x.x and y.y.y.y to check whether the traffic passes using PBR or passes using the default route.
For example:
access-list VRF01_To_ServiceProvider2 extended permit ip object-group VRF01_VLANS any <- use VRF01_VLANS to specify x.x.x.x; y.y.y.y will be any IP.
The interface is VRF01-ASA-HANDOFF.
We must get the Out interface that we configured in PBR.
04-19-2022 09:02 AM
- You may find this document useful : https://techbloc.net/archives/1082
M.
04-19-2022 09:17 AM - edited 04-19-2022 11:33 AM
ASA with PBR? Does that mean you have dual ISPs connected to the ASA?
Can I see the PBR config and, if you use IP SLA, can I also see the IP SLA config?
Is the traffic UDP? If yes, try the floating-timeout command.
04-20-2022 04:53 AM - edited 05-02-2022 03:31 AM
Thanks for the reply.
04-20-2022 09:22 AM
- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux86596
M.
04-20-2022 12:20 PM
It's using version 9.13(1), so it doesn't seem to be this bug causing the issue.
04-20-2022 09:51 PM
- Can't be sure of that - from bug report -> Known Fixed Releases (0)
M.