No link between devices on the inside interface

Hamood Rehman
Beginner

Hello Support Community,

We are in the process of setting up a DR site. The DR site has its network up and running and can talk to the internet and the corporate site. The corporate site, however, cannot talk to the DR site because the ASA at the DR site drops the TCP ACK SYN because the SYN from Corp does not go through the DR ASA. The DR ASA sees the ACK SYN because it is the default gateway of the DR servers. Please see the simplified diagram.

Any suggestions? Thanks.

2 Accepted Solutions


Julio Carvajal
Advisor

Hello Hamood,

This is the expected behavior of a security firewall, as it is seeing an asymmetric flow (routing issue).

The workaround is the TCP state bypass policy:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml

Rate all the answers; for the community, that is as important as a thanks.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


edatwyler
Beginner

My preferred method would be to bring the routing at the DR site down to the switch if that point-to-point link is your preferred connection. Or, you could figure out a way to send Corp-To-DR traffic over your VPN tunnel.

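To confirm from the firewall's own logs which flows are hitting the asymmetric path described in this thread, the following added example (not part of any post above) scans ASA syslog for message 106015, "Deny TCP (no connection)", carrying SYN ACK flags and groups the drops by server, service port and client. The log lines, addresses, hostname and the function name `find_asymmetric_flows` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (hostname, addresses and timestamps are made up).
SAMPLE_LOG = """\
Mar 04 10:15:01 dr-asa %ASA-6-106015: Deny TCP (no connection) from 10.2.0.10/443 to 10.1.0.20/51514 flags SYN ACK  on interface inside
Mar 04 10:15:04 dr-asa %ASA-6-106015: Deny TCP (no connection) from 10.2.0.10/443 to 10.1.0.20/51514 flags SYN ACK  on interface inside
Mar 04 10:15:09 dr-asa %ASA-6-106015: Deny TCP (no connection) from 10.2.0.11/22 to 10.1.0.20/40022 flags SYN ACK  on interface inside
Mar 04 10:16:30 dr-asa %ASA-6-106015: Deny TCP (no connection) from 10.2.0.12/80 to 198.51.100.7/33100 flags RST  on interface inside
Mar 04 10:17:02 dr-asa %ASA-6-302013: Built outbound TCP connection 4711 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.2.0.10/50100 (192.0.2.1/50100)
"""

# Message 106015: a TCP packet arrived that matches no entry in the connection table.
DENY_RE = re.compile(
    r"%ASA-\d-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?)\s+on interface (?P<ifc>\S+)"
)

def find_asymmetric_flows(log_text, min_hits=1):
    """Count dropped SYN-ACKs per (interface, server, service port, client)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        # Only a SYN-ACK with no prior SYN points at a one-way path; other
        # flags (RST, FIN, ACK) more often belong to sessions that expired.
        if set(m["flags"].split()) != {"SYN", "ACK"}:
            continue
        # The client's ephemeral port is left out so retries aggregate.
        hits[(m["ifc"], m["src"], int(m["sport"]), m["dst"])] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for (ifc, server, port, client), n in find_asymmetric_flows(SAMPLE_LOG).items():
        print(f"{n} SYN-ACK drop(s) on {ifc}: {server}:{port} -> {client}")
```

The resulting server/client pairs are the flows that either need a routing fix or would have to be matched by a TCP state bypass class; keeping that list narrow matters because bypassed traffic is no longer statefully checked.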