Let's say you have a primary site and DR site, each with a connection to a different ISP.
Each site has a PIX firewall between the border router and internal network.
I have read that it is extremely difficult (if not impossible) to force all traffic in a multihomed setup to come in and out of the same ISP connection.
What happens when a TCP session established from the primary site to the internet gets the reply packet at the DR site? Wouldn't the PIX firewall drop the packet because its ASA has no knowledge of the session (assuming you're using PAT)?
None of the documents on BGP seem to address this issue.
Thanks!