This occurs when requests to Microsoft services are routed over Express Route, but responses are routed back across the internet, or vice versa, and the responses are dropped by stateful network devices such as firewalls.The most common method you can use to meet the above requirements is to use source NAT, either implemented as a part of your network or provided by your Express Route carrier.A few precautions described below are recommended to ensure there is no impact to Internet based inbound flows from Office to on-premises systems.If the incoming connections are allowed onto a network segment with routing visibility into Express Route without source NAT, requests originating from Office will enter from the internet, but the response going back to Office will prefer the Express Route network path back to the Microsoft network, causing asymmetric routing.Plan for network security requirements Create a plan to meet your network security requirements and incorporate this into your updated network topology diagram.Design outbound service connectivity Express Route for Office has outbound network requirements that may be unfamiliar.
The endpoints must be public IP addresses, that are registered to your company or to carrier providing Express Route connectivity to you.
Explicitly accounting for these scenarios in your network and keeping all inbound network traffic flows over the Internet helps to minimize deployment and operational risk of asymmetric routing.
There may be cases where you may choose to direct some inbound flows over Express Route connections.
This additional overhead includes, managing risks of asymmetric routing and will require you to carefully manage routing advertisements and policies across multiple dimensions.
Update your network topology plan to show how you would avoid asymmetric routes You want to avoid asymmetric routing to ensure people in your organization can seamlessly use Office as well as other important services on the internet.
There are two common configurations customers have that cause asymmetric routing.