
TCP Bypass on ASA 5512 and BGP peering with two ISP

cisco2016
Level 1

Hello

I have BGP peering with two ISPs (defaults from both of them). The problem is that I need to put only an ASA on the perimeter, and the ASA does not like asymmetrical traffic.

When I configured TCP bypass I got a lot of "No valid adjacency" messages. I can ping any address on the internet from a PC in the DMZ, but as for websites, pages on the internet do not open from the PC (though some of the pages open sometimes).

When I stopped announcing our PI IP addresses to one of the providers, everything works well; the problem is with the asymmetrical traffic.

The scheme, the config file and a capture from the ASA are in the attachment.

The ASA interface connected to the DMZ has an IP address from the block of our announced PI IP addresses, and we do not use NAT on this ASA.

Please help me to resolve this issue.


Nikolaj Pabst
Level 5

Have you tried disabling TCP Randomization?
