Hi,

I have the following problem :

In my datacenter I have an Internet gateway, my ASA, a local network and another gateway to my private network (MPLS).

The gateway to my network is on the inside network of the ASA.

I also have a lot of servers on the same inside network.

So, the ASA inside network, the MPLS gw and the servers are on the same network (192.168.2.0/24)

The ASA is the default router for my servers.

I can't get a connection from any client in the MPLS network to my servers.

I tracked down the problem and I think that the problem is the following:

When a TCP connection is initiated from my servers, it goes to the ASA then to the MPLS.

But when the ACK comes back from the MPLS, it goes directly to the server, so the ASA tears down the connection.

Same thing the other way around.

My servers can ping to the MPLS (ICMP is stateless) but clients from the MPLS can't ping the servers.

In my lab, I tried using a third interface for the MPLS and everything works fine.

I also changed the default router to be the MPLS gw and it also works fine.

But, in the real world, I have no control over both gateways so I can't change the networking settings.

I'm not allowed to use the MPLS gateway as default router for my servers.

And changing all the my servers IP is not an acceptable solution.

The question is : is there a way to simply route the packets from the inside LAN to the MPLS network without inspecting them at all ?

Thanks,

David