Showing results for 
Search instead for 
Did you mean: 

ASA BGP - setting metric

John N Smith

I have an ASA configured using VTI to have two tunnels (to AWS). This is causing an issue with asymmetric traffic.


This Cisco support doc details using a route map to set the metric on the BGP routes, to ensure symetric traffic e.g. 


route-map toAWS2 permit 10
 set metric 200

router bgp 65000
 address-family ipv4 unicast
  neighbor route-map toAWS2 out


show bgp

shows all external routes have a metric of 100. The route map seems to be ignored.


Is there a mistake in the support document? Do route maps require a `match` attribute?


Any help would be much appreciated,



1 Accepted Solution

Accepted Solutions

I am not clear on the current state of this discussion. So let me address what I believe have been the focuses of this discussion. You are using a route map to set metric (MED) for prefixes that you advertise to them, so that they will have a primary path and a backup path for how they send traffic to you. I think we can assume that this is working correctly. It does appear that the prefixes that they advertise to you are sent with equal attributes. If you wish to have the same type of primary path/backup path for traffic that you send to them it should work if you use a route map inbound and in that route map assign either weight or local preference. (if you have a single router communicating with them then either weight or local preference would be effective, but if you had more than 1 router talking to them then you would need to use local preference).



View solution in original post

20 Replies 20

Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor

Hi there,


show bgp

command will show you the BGP routing table containing the received prefixes and metrics. Since the AWS VPN are sending you prefixes with the same metric implies that the two VPN are equally preferred and the AWS TGW has probably been configured with 'VPN ECMP Support'. This option only appears when creating the TGW.


Carefully recreate the TGW looking for this option and re-attach the VPNs to the TGW. You should then hopefully see a higher mteric being recieved via one of your VPNs. It is this VPN peer that you apply the route-map with the higher metric to ensure symetric routing.




MHM Cisco World

Your config is right not issue,
if there is no match then by default it will match all prefix.