
When you have redundant [VPN](/vpn) connections to [AWS](/how-to-study-amazon-aws) using a Cisco [ASA](/asa), and you have configured [BGP](/bgp) routing, asymmetric [routing](/routing) will typically take place. Communication that is sent out via one tunnel is responded to via the other. 

The ASA is configured to drop responses that arrive asymmetrically by default.

There are several solutions that have been successfully applied, although the best approach is to discuss your requirements with AWS staff.

Links:

https://forum.networklessons.com/t/asa-vpn-vti-tunnels-to-aws-with-asymmetric-bgp-routing/33890/2?u=lagapides

BGP Asymmetric routing when using ASA with AWS

BGP - Network Layer Reachability Information (NLRI)

BGP - Next Hop Address Tracking vs Route Dampening

BGP - Outbound Route Filtering

BGP - RRs vs confederations

BGP - Synchronization Rule

BGP - TCP Peering Session Process

BGP - The BGP Table

BGP - Why is MED non-transitive

BGP - aggregate-address command in action

BGP - aggregate-address default route

BGP - aggregate-address with a single subnet

BGP - auto-summary best practices

BGP - auto-summary feature

BGP - definition of External BGP (eBGP)

BGP - definition of Internal BGP (iBGP)

BGP - eBGP loop prevention mechanism same AS number

BGP - eBGP next hop optimization

BGP - eBGP peerings

BGP - eBGP third party next hop

BGP - iBGP full-mesh peering

BGP - iBGP split horizon rule

BGP - multicast routing

BGP - multihop vs disable-connected-check

BGP - multipath in a DMVPN environment

BGP - multiprotocol BGP

BGP - network vs redistribute commands

BGP - next-hop-self vs update source

BGP - oldest path attribute

BGP - preventing transit traffic

BGP - redistributing iBGP routes into an IGP

BGP - remove private AS

BGP - route maps and using the continue clause

BGP - routing table entry without exit interface

BGP - transitive and non-transitive attributes

BGP - update-source command

BGP - using peer-groups with multiple outbound policies

BGP - using private ASNs with private IPs

BGP - using public IPs with private ASes

BGP - why is eBGP preferred over iBGP

BGP 4-Byte AS Number - Asdot notation

BGP 4-Byte AS Number - Asdot plus notation

BGP 4-Byte AS Number - Asplain notation

BGP AS Override feature

BGP AS number notation

BGP AS_PATH when using aggregate-address

BGP AS_TRANS

BGP Advertising a prefix

BGP Advertising a route using the Null0 exit interface

BGP Allow-AS in

BGP Attributes - route map direction

BGP Authentication

BGP Cluster ID

BGP Confederation peerings

BGP Confederations

BGP Default local preference and its appearance in the BGP table

BGP Equal cost multipath configuration syntax

BGP Equal cost multipath

BGP Extended Community

BGP ISPs prefixes advertised to enterprise edge routers

BGP Influencing incoming traffic

BGP Influencing outgoing traffic

BGP Load balancing

BGP Maximum Prefix Feature

BGP Maximum message size

BGP Next Hop Address Tracking

BGP Origin AS Validation

BGP Originator ID

BGP RIB failure

BGP Route Reflector

BGP Standard Community

BGP Table Origin Code

BGP Update Groups

BGP Update Total Path Attribute Length field

BGP active and passive peers

BGP advertises only the best path by default

BGP advertising a default route

BGP aggregate-address

BGP and route tagging

BGP applying route maps to prefixes

BGP backdoor route

BGP communities

BGP community propagation

BGP community types

BGP configuring authentication on an established BGP session

BGP dmzlink-bw feature

BGP hold timer

BGP how MED attribute is compared

BGP installing a BGP-learned route into the routing table

BGP internal vs external

BGP neighbor activate command

BGP neighbor-group

BGP paths indicated in the show ip bgp command

BGP peer groups

BGP peer templates

BGP peering redundancy using loopbacks

BGP regular expressions - use of 4-Byte ASNs

BGP regular expressions - use of backslash for confederations

BGP risk of using the as-override feature

BGP route dampening penalty half-life