Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Luciano_Cirino
Contributor

Problem with asymmetry

Good morning everyone,

We are facing an issue with a specific access. When trying to access it, the packet that should exit through the eth8.7 interface, one of the providers we have, is going out through another interface that is not configured.

Problem with asymmetry? Has anyone experienced this before?

Below is an image with the packet capture details.

0 Kudos
10 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

More details are likely required about your configuration, things like NAT and ISP redundancy config?

What does your routing table show as the correct egress path for the destination?

CCSM R77/R80/ELITE
the_rock
MVP Gold
MVP Gold

Make sure topology is correct and routes are also indeed right. Run ip r g command, ie ip r g 8.8.8.8

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold

Also, Im little confused by your statement "...is going out through another interface that is not configured"

How is that even possible?

Andy

Best,
Andy
0 Kudos
Luciano_Cirino
Contributor

I'm sorry for the lack of details in the previous explanation.

The packet enters through the interface eth8.7 (link A), goes through the inspection and NAT flow correctly, and then it is returned through eth8.8 (link B).

0 Kudos
the_rock
MVP Gold
MVP Gold

Question...is this brand new issue or just started recently? Any changes made?

 

Andy

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

Can you please show the routing table output for this destination also is there any PBR configured that would match this traffic?

CCSM R77/R80/ELITE
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver

I would involve CP TAC asap to get this fixed...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Luciano_Cirino
Contributor

We would like to inform you that we are already in contact with the TAC. Thank you.

the_rock
MVP Gold
MVP Gold

What was done with TAC so far?

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold

If you could send us below from expert mode, would help, for sure.

route

netstat -nr

clish -c "show route all"

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events