Intra-Interface Communications

wkamil123
Level 1

Hello,

I have a problem with communications through the ASA to an MS Exchange server.

I'm testing a new connection to the internet, and the ASA is the default gateway for my VLAN (user VLAN).

It's a similar problem to the one described in this doc: 'http://www.cisco.com/en/US/partner/products/ps6120/products_tech_note09186a0080734db7.shtml'

The difference is that I'm connected to an L3 switch, but it doesn't matter in this situation.

All services (DNS, DHCP) in the LAN work, but I have a problem with the connection to the Exchange server only.

The mentioned services are separated into VLANs, and static routing to these networks is added on the ASA.

I have no ACL blocking traffic on the inside interface.

Does anyone have a similar problem?


Accepted Solution

Nagaraja Thanthry
Cisco Employee

Hello,

Seems like you are referring to an asymmetric routing problem. In such a situation, all non-connection-oriented traffic will work fine, but connection-oriented traffic (TCP based) will suffer. You have a couple of options. The easiest one is to make the L3 switch the gateway for your Exchange server. This way, the switch will make the routing decision for the Exchange traffic and will deliver all local LAN traffic to the respective VLAN interfaces and internet traffic to the firewall. The other option, if you are running the 8.2 code version, is to configure TCP state bypass. This will ask the firewall not to keep track of the TCP state of certain traffic. Here is a document that outlines the configuration requirements for TCP state bypass.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.pdf

Hope this helps.

Regards,

NT

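The TCP state bypass configuration the accepted answer points to, written out as an added example; this is not code from the original post or from the linked Cisco document. The subnets, the server address and the object names are assumptions: 10.1.10.0/24 stands for the user VLAN whose default gateway is the ASA, 10.1.20.5 for the Exchange server that replies via the L3 switch, and "inside" for the ASA interface facing the switch. Syntax is the ASA 8.2 form the answer refers to.

```text
! Added example (ASA 8.2 syntax). Addresses, names and interface are assumptions.
! Client SYNs from 10.1.10.0/24 reach the ASA (its default gateway) and are
! routed to the Exchange VLAN; the SYN-ACK goes Exchange -> L3 switch -> client
! and never traverses the ASA, so the stateful engine drops the flow.

! Hairpinned traffic enters and leaves the same inside interface. Assumed to be
! present already (the poster's UDP services work), listed for completeness.
same-security-traffic permit intra-interface

! Match only the flows that are actually asymmetric. Keep this as narrow as
! possible: matched traffic loses TCP normalization and sequence checking.
access-list TCP_BYPASS extended permit tcp 10.1.10.0 255.255.255.0 host 10.1.20.5

class-map TCP_BYPASS_CLASS
 match access-list TCP_BYPASS

! Tell the ASA not to track TCP state for that class, and nothing else.
policy-map TCP_BYPASS_POLICY
 class TCP_BYPASS_CLASS
  set connection advanced-options tcp-state-bypass

! Apply on the interface where the client SYN arrives.
service-policy TCP_BYPASS_POLICY interface inside

! Verification (read-only commands):
!   show service-policy interface inside     - policy attached, hit counts rising
!   show conn detail address 10.1.20.5       - bypassed flows carry the "b" flag
```

Treat this as a scoped exception rather than a general setting. The linked Cisco document lists what the bypassed flows give up (TCP normalization, sequence number randomization, application inspection, TCP intercept), so the access-list should name only the client-to-Exchange pair that is routed asymmetrically. The answer's first option, making the L3 switch the gateway so that LAN-to-LAN traffic never touches the ASA and only internet-bound traffic is firewalled, removes the asymmetry instead of hiding it and keeps full stateful inspection on everything the ASA does see.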

2 Replies

The TCP state bypass resolved the problem.

Thanks for your help.

Regards, Kamil
