04-19-2022 08:42 AM - edited 05-02-2022 03:30 AM
04-20-2022 12:44 PM
First step in troubleshooting: check ACL/NAT and the Out interface.
asa# packet-tracer input Interface tcp x.x.x.x 12345 y.y.y.y 80 detail
Run packet-tracer, selecting the interface and x.x.x.x and y.y.y.y, to check whether the traffic passes using PBR or passes using the default route.
For example
access-list VRF01_To_ServiceProvider2 extended permit ip object-group VRF01_VLANS any   <- use the VRF01_VLANS to specify the x.x.x.x, and y.y.y.y will be any IP.
interface is VRF01-ASA-HANDOFF
The Out interface we get must be the one we configured in PBR.
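Added example, not part of the thread or any poster's reply: a small Python check that reads saved packet-tracer text and reports whether the flow left through the interface configured in PBR. The sample traces are constructed, their field layout is an assumption modelled on ASA packet-tracer output, and the egress names `ServiceProvider2` and `outside` are hypothetical.

```python
import re

# Constructed samples (not captured from a device), trimmed to the fields read.
SAMPLE_PBR = """\
Phase: 2
Type: PBR-LOOKUP
Subtype: policy-route
Result: ALLOW

Result:
input-interface: VRF01-ASA-HANDOFF
output-interface: ServiceProvider2
Action: allow
"""
SAMPLE_DEFAULT = """\
Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW

Result:
input-interface: VRF01-ASA-HANDOFF
output-interface: outside
Action: allow
"""

def summarize(trace):
    """Return phase types plus egress interface and action from the summary."""
    phases = re.findall(r"^Type:[ \t]*(\S+)", trace, re.M)
    final = trace.rsplit("Result:", 1)[-1]  # text after the last "Result:" header
    fields = dict(re.findall(r"^([\w-]+):[ \t]*(.*?)[ \t]*$", final, re.M))
    return {"phases": phases,
            "out_if": fields.get("output-interface"),
            "action": (fields.get("Action") or "").lower()}

def check_egress(trace, expected_if):
    """Classify a trace against the interface PBR is expected to select."""
    s = summarize(trace)
    if s["action"] != "allow":
        return "dropped"        # look at ACL/NAT phases first
    if s["out_if"] != expected_if:
        return "wrong-egress"   # flow followed another route, not the PBR one
    return "pbr" if "PBR-LOOKUP" in s["phases"] else "routed"

if __name__ == "__main__":
    for name, text in (("pbr", SAMPLE_PBR), ("default", SAMPLE_DEFAULT)):
        print(name, check_egress(text, "ServiceProvider2"), summarize(text))
```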
04-19-2022 09:02 AM
- You may find this document useful : https://techbloc.net/archives/1082
M.
04-19-2022 09:17 AM - edited 04-19-2022 11:33 AM
ASA with PBR? Does that mean you have dual ISPs connected to the ASA?
Can I see the config of PBR, and if you use IP SLA, can I also see the config of IP SLA?
Is the traffic UDP? If yes, try the floating-timeout command.
04-20-2022 04:53 AM - edited 05-02-2022 03:31 AM
Thanks for the reply.
04-20-2022 09:22 AM
- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux86596
M.
04-20-2022 12:20 PM
It's using version 9.13(1), so it doesn't seem to be this bug causing the issue.
04-20-2022 09:51 PM
- Can't be sure of that - from bug report -> Known Fixed Releases (0)
M.