{"id":5325,"date":"2021-10-08T23:20:56","date_gmt":"2021-10-08T23:20:56","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=5325"},"modified":"2021-10-08T23:20:56","modified_gmt":"2021-10-08T23:20:56","slug":"asymmetric-routing-devices-with-two-ip-address-on-different-subnet-replay-problem","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/asymmetric-routing-devices-with-two-ip-address-on-different-subnet-replay-problem","title":{"rendered":"Asymmetric routing &#8211; Devices with Two IP Addresses on Different Subnets Replay problem"},"content":{"rendered":"<p>You have a device connected to a Router (FortiGate in this case) with two IPs on different Subnets<\/p><ul><li>You try to speak to the Device on IP1<\/li><li>Using best path traversal, the reply comes back on the other IP, IP2<\/li><li>Due to this, the packets are out of sync (and the Router drops the requests coming from the other IP, as they should have been coming back on IP1)<\/li><li>This is to stop this attack <a href=\"https:\/\/en.wikipedia.org\/wiki\/Replay_attack\">https:\/\/en.wikipedia.org\/wiki\/Replay_attack<\/a> &#8211; <a href=\"https:\/\/docs.fortinet.com\/document\/fortigate\/7.0.1\/administration-guide\/139692\/routing-concepts\">the firewall tries to ensure symmetry in its traffic by using the same source-destination combination<\/a><\/li><\/ul><p><strong>Solutions<\/strong><\/p><ul><li>Disable Anti Replay <a href=\"https:\/\/kb.fortinet.com\/kb\/documentLink.do?externalID=FD47428\">https:\/\/kb.fortinet.com\/kb\/documentLink.do?externalID=FD47428<\/a>, confirm access and communication on IP2, disable IP1, then re-enable Anti Replay<\/li><li>Remove the gateway for IP2 and speak to it via the Switch in the same VLAN instead of via a router<\/li><li>Change the reply to go back out the same interface it came in on, using app config <a 
href=\"https:\/\/unix.stackexchange.com\/questions\/4420\/reply-on-same-interface-as-incoming\">https:\/\/unix.stackexchange.com\/questions\/4420\/reply-on-same-interface-as-incoming<\/a><\/li><\/ul><p>&nbsp;<\/p><p id=\"NyqSWYn\"><img loading=\"lazy\" decoding=\"async\" width=\"886\" height=\"387\" class=\"alignnone size-full wp-image-5327  img-responsive\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/10\/img_6160d00d84c21.png\" alt=\"\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/10\/img_6160d00d84c21.png 886w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/10\/img_6160d00d84c21-300x131.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/10\/img_6160d00d84c21-768x335.png 768w\" sizes=\"auto, (max-width: 886px) 100vw, 886px\" \/><\/p>","protected":false},"excerpt":{"rendered":"<p>You have a device connected to a Router (FortiGate in this case) with two IPs on different Subnets. You try to speak to the Device on 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3604,3600,3601,1251,1250,3603,1095,3602],"class_list":["post-5325","post","type-post","status-publish","format-standard","hentry","category-research","tag-anti-replay","tag-anti-reply","tag-device-two-ips","tag-fortigate","tag-fortinet","tag-replay","tag-reply","tag-subnet"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=5325"}],"version-history":[{"count":2,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5325\/revisions"}],"predecessor-version":[{"id":5329,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/5325\/revisions\/5329"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=5325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=5325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=5325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}