
Cisco ASA Asymmetric Routing problem/UDP.............need help!!


4 replies to this topic

#1 PC167ZXX

 

Posted 18 January 2016 - 09:43 PM


I have UDP traffic that is supposed to pass an ASA which has an outside interface and a backup interface. But there are static routes on the ASA that cause the traffic to go out from the outside interface and go back from the backup interface. It should be the asymmetric routing problem. How do I pass other non-TCP traffic like UDP on the ASA without changing any route?

 



#2 lucky

 

Posted 18 March 2016 - 05:51 AM

Regarding Lab 7... How do you access ISE (150.1.7.20)? Because it is NATted to 5.5.5.5 on ASA3. From SW6, we are able to ping 5.5.5.5, but when we configure it for Dot1x & MAB like below, we get this error: "radius server dead". Is it some NAT issue or am I doing it wrong? ACLs for 1812, 1813 are configured on the path ASAs.

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting default start-stop group radius
aaa server radius dynamic-author
 client 5.5.5.5 server-key cisco
!
ip radius source-interface vlan 16
ip device tracking
dot1x system-auth-control
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server host 5.5.5.5 auth-port 1812 acct-port 1813 key cisco
radius-server vsa send accounting
radius-server vsa send authentication
!
int gig1/0/1
 switchport access vlan 22
 switchport mode access
 switchport voice vlan 19
 spanning-tree portfast
 authentication periodic
 authentication port-control auto
 authentication host-mode multi-auth
 authentication order mab dot1x
 mab
 dot1x pae authenticator
 no shut
!


#3 sechunter

 

Posted 21 July 2016 - 12:56 PM

Hello All,

 

Has anybody got the solution to fix the asymmetric routing issue for UDP?



#4 technopunk

 

Posted 25 July 2016 - 10:22 AM

Have you allowed return traffic on all ASAs in the path? How about RADIUS ports 1645 and 1646?

#5 lavenderangel

 

Posted 20 September 2016 - 05:51 PM

permit udp host 5.5.5.5 range 1812 1813 host 7.7.16.6 range 1645 1646 on the Backup interface on ASA4 would help. But this won't work for ICMP and TCP, as ASA4 would complain about no existing session. But it works for UDP, hence RADIUS requests would be successful. But not sure if this is the right way though!!! :)
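
The behaviour described in the last reply, as a simplified Python model added here (not part of the thread and not ASA code): a reply arriving on a different interface matches no session, so UDP can open a new one if an ACL permits it, while a TCP SYN-ACK or ICMP echo-reply cannot. `ToyFirewall`, `run` and the TCP/ICMP sample packets are constructed for illustration; the addresses and RADIUS ports are the ones quoted in the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ingress: str       # interface the packet arrives on
    proto: str         # "udp", "tcp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    kind: str = ""     # TCP flags or ICMP type, e.g. "SYN", "echo-reply"

class ToyFirewall:
    """Simplified per-interface stateful filter (a model, not ASA code)."""
    def __init__(self, acls, trusted=("inside",)):
        self.acls = acls          # {interface: [(proto, src, sports, dst, dports)]}
        self.trusted = trusted    # interfaces allowed to open flows without an ACL
        self.sessions = set()     # (return interface, proto, client, cport, server, sport)

    def permitted(self, p):
        return any(proto == p.proto and src == p.src and dst == p.dst
                   and sp[0] <= p.sport <= sp[1] and dp[0] <= p.dport <= dp[1]
                   for proto, src, sp, dst, dp in self.acls.get(p.ingress, []))

    def handle(self, p, egress):
        # Return traffic only matches a session on the interface the flow left by.
        if (p.ingress, p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "pass: existing session"
        # TCP mid-stream segments and ICMP replies cannot start a session.
        if (p.proto, p.kind) not in (("udp", ""), ("tcp", "SYN"), ("icmp", "echo")):
            return "drop: no existing session"
        if p.ingress not in self.trusted and not self.permitted(p):
            return "drop: denied by ACL"
        self.sessions.add((egress, p.proto, p.src, p.sport, p.dst, p.dport))
        return "pass: new session"

def run(acls):
    fw = ToyFirewall(acls)
    sw, ise = "7.7.16.6", "5.5.5.5"                    # addresses from the thread
    out = [fw.handle(Packet("inside", "udp", sw, 1645, ise, 1812), "outside")]
    for proto, sport, dport, kind in (("udp", 1812, 1645, ""),
                                      ("tcp", 443, 40000, "SYN-ACK"),   # constructed
                                      ("icmp", 0, 0, "echo-reply")):    # constructed
        out.append(fw.handle(Packet("backup", proto, ise, sport, sw, dport, kind), "inside"))
    return out

BACKUP_ACL = {"backup": [("udp", "5.5.5.5", (1812, 1813), "7.7.16.6", (1645, 1646))]}
if __name__ == "__main__":
    print(run({}))           # replies on the backup interface, no ACL there
    print(run(BACKUP_ACL))   # same replies with the permit from the last reply
```

In this model the permit on the backup interface changes the outcome only for the UDP reply, because that reply is admitted as a new flow rather than as return traffic of the original request.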




