Solved

Asymmetric Routing (Firewall)

Posted on 2016-09-12
3
61 Views
Last Modified: 2016-10-09
Is it possible to have asymmetric routing from a stateful firewall?  The firewall will keep the connections in the state table, but it not the way its routed?
0
Comment
Question by:PeraHoman
3 Comments
 
LVL 26

Accepted Solution

by:
Predrag Jovic earned 250 total points
ID: 41795392
It is not possible if you perform natting on firewall. How will device that receive packets know where is located source of the traffic since there is no NAT table?
Typically for asymmetric routing you need two connected firewalls.
Asymmetric Routing and Firewalls
0
 

Assisted Solution

by:PeraHoman
PeraHoman earned 0 total points
ID: 41796999
Natting is done on the FW.  I was just wondering if this was possible.  

We see hits on our FW logs about traffic leaving our FW destined our Vendors public server, but there are no hits on return traffic from the Vendors server back to our FW.
0
 
LVL 13

Assisted Solution

by:SIM50
SIM50 earned 250 total points
ID: 41800357
It's not possible for dynamic NAT but possible for static NAT. Unlike dynamic, where entries are created in xlate table for the current traffic going through, static NAT entries are added upon the configuration and work for any direction. So if you would have two ASA's with the same static NAT and ACLs and configured tcp state bypass, it would be possible for asymmetric routing to happen.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now