09-14-2005 02:15 AM - edited 03-03-2019 10:30 AM
Is the return traffic taking the same route path as it traversed on the way out? Or will the destination end router change the path if there is a specific route entry in its routing table that directs the packet to another path? Both ends are using Cisco routers with static routes set.
09-14-2005 06:49 AM
Forward and return traffic are 2 independent processes (mutually independent). The return packets can come along any path, and it depends on the routing tables of the routers along the path. If you want symmetrical routing (for security reasons), there is something known as Unicast RPF.
09-14-2005 05:40 PM
Thanks for the reply, because I was confused.
I made changes to the routing table of my end router, which will direct the packets to a path other than the previous one. So the remote site's packets will come in via path A, but my packets go there via path B.
In the end I could not access remote site services, e.g. Lotus Notes, but I can ping with inconsistent replies.
Could anyone enlighten me whether this is the so-called 'out of state' packet?
09-14-2005 08:05 PM
What do you mean by an out of state packet? Are you sure the routing is fine along the other path? No bandwidth choking or route flapping etc.? We do a lot of asymmetrical routing and it works fine. Can you paste your config if possible?
09-14-2005 11:38 PM
Thanks again for the reply :). I can only access the router at my end but not the other sites, so I don't think pasting the configuration here would be meaningful.
And I am sure the other path works just fine.
Because the scenario above gave me 'out of state packet' errors and the traffic was therefore blocked by my Checkpoint firewall (stateful); only after I removed the specific route entry from my routing table, so that packets destined for the remote site follow the same path the remote site uses to reach my site, did it go back to normal.
Any issue with asymmetric routing and firewalls?
09-15-2005 02:13 AM
If I have a firewall, I would always prefer a symmetric path, simply because unlike a router, which looks at the routing table, a firewall looks at state (flow). So I wouldn't take any risks. I think it would be worth a try. Let me know the results if you do try it.
09-15-2005 05:20 PM
Yes, the result is known. The destination end firewall will block the traffic and log the reason 'TCP packet out of state:xxxx', possibly because the TCP SYN and SYN-ACK were not received in order.
This is a feature to prevent DoS patterns of attack.
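The mechanism described in this post, as an added illustration that is not part of the thread: a constructed model of two stateful firewalls that do not share state, one per path, where a handshake whose SYN and SYN-ACK travel different paths is logged as out of state. The firewall class, flow names and paths are all hypothetical.

```python
from dataclasses import dataclass, field

# Constructed model: the TCP flag a stateful firewall expects next for a flow,
# given the last flag it accepted (None = no entry in the state table yet).
EXPECTED = {None: "SYN", "SYN": "SYN-ACK", "SYN-ACK": "ACK", "ACK": "ACK"}


@dataclass
class StatefulFirewall:
    """Hypothetical stateful firewall: one state table, no sync with peers."""
    name: str
    table: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)

    def inspect(self, src, dst, flag):
        key = tuple(sorted((src, dst)))        # one entry per flow, both directions
        state = self.table.get(key)
        if EXPECTED[state] != flag:
            # This is the condition a "TCP packet out of state" log line reports.
            self.dropped.append(f"{self.name}: TCP packet out of state: {flag} from {src}")
            return False
        self.table[key] = flag                 # advance the flow's state
        return True


HANDSHAKE = [("client", "server", "SYN"),
             ("server", "client", "SYN-ACK"),
             ("client", "server", "ACK")]


def run_handshake(routes, firewalls):
    """Send the three-way handshake; `routes` picks a path (and so a firewall)
    per direction. Returns True only if every packet was accepted."""
    for src, dst, flag in HANDSHAKE:
        if not firewalls[routes[(src, dst)]].inspect(src, dst, flag):
            return False
    return True


def simulate(forward_path, return_path):
    """Returns (handshake_ok, drop_log) for the chosen per-direction paths."""
    fws = {"A": StatefulFirewall("fw-A"), "B": StatefulFirewall("fw-B")}
    routes = {("client", "server"): forward_path, ("server", "client"): return_path}
    ok = run_handshake(routes, fws)
    return ok, [line for fw in fws.values() for line in fw.dropped]


if __name__ == "__main__":
    print("symmetric:", simulate("A", "A"))    # handshake completes
    print("asymmetric:", simulate("B", "A"))   # SYN-ACK dropped as out of state
```

The symmetric run completes because fw-A sees SYN, SYN-ACK and ACK in order; in the asymmetric run fw-A sees the SYN-ACK first, finds no flow entry, and drops it, which matches the thread's outcome of a stalled session once the poster's static route split the two directions.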
09-15-2005 09:02 PM
Cool. This is like RPF on a router to block DoS attacks. Thanks a lot.