I have an ASA configured using VTI to have two tunnels (to AWS). This is causing an issue with asymmetric traffic.
This Cisco support doc details using a route map to set the metric on the BGP routes, to ensure symmetric traffic e.g.
route-map to...
Hi, I'm unable to execute "show mac-address-table" on an ASA5512, running 9.1(1). The output is: asa-test# show mac-address-table ^ERROR: % Invalid input detected at '^' marker. Has the command changed for this model / version? It works ...
Hi, I have an inside host configured with its own external IP (not the outside IP), that seems to be ignoring the ACL configured for the outside interface. All traffic is passing. My config looks like this: interface Vlan1 nameif inside security-level ...
We have an ASA configured to access the internet, which works fine for clients who have an IP address assigned by DHCP, but not for clients with manually assigned IPs. For instance, with the DHCP server configured to give IP addresses between 172.16.1...
Hi Richard, Over two years later and I'm revisiting this issue. I misunderstood AWS' note about not using Weight or Local Preference - it seems it is only applicable to active / active tunnel setups (where the gateway supports asymmetric traffic) (from...
Thank you Richard, that is an accurate summary. Thank you for your suggestion, unfortunately, AWS suggest against using weight or local preference as it interferes with their mechanism for maintenance, which centres around MED: "To ensure that the up...
Hi All, Thanks for your interest and help. Apologies, it seems my previous post disappeared. I think the problem may lie with AWS as they say in their docs one can only rely on med for path selection, but they then advertise with equal metrics. Here ...
Thank you Paul. I've read up on AWS recommendations and it looks like using anything other than MED would prevent the redundant tunnel from operating as intended. From AWS: Some info from AWS. It sounds to me like AWS should be advertising its routes...
Hi MHM Cisco World, Georg Pauwen, Richard Burts, paul driver,
Thanks very much for your interest and your time.
This is the current router config:
router bgp 65000
bgp log-neighbor-changes
address-family ipv4 unicast
neighbor 169.254.83.249 ...