Overriding Stateful Inspection Policy between 2 Networks (or interfaces)

Unanswered Question
Apr 5th, 2007

Hi All,

Using ASA 7.x, is it possible NOT to inspect traffic (act only as router) between 2 Networks?

We have this case of a primary and secondary site where communication is required between primary and secondary site, using a dedicated interface on Firewall without any "stateful firewalling".

sebastan_bach Thu, 04/05/2007 - 03:16

Since the PIX is a dedicated stateful firewall, you cannot disable stateful firewalling in it. And if you don't need stateful firewalling, then why do you have the PIX with you?



David White (Cisco Employee) Thu, 04/05/2007 - 07:39

Clarify what you mean by "stateful firewalling". If you want to disable the TCP state checks, then this is possible, but we cannot disable all checks, like IP header checks, options checks, etc. But if you just want to disable the requirement for symmetric traffic, windowing, etc., then this is possible.



pavlosd Sun, 06/03/2007 - 06:26

Let's say that TCP state checks are what we are trying to achieve.

We are dealing with a protocol that uses dedicated ports per client, and at any stage the server may choose to communicate with the client on the specific client port. So what we noticed is that sometimes, if a connection does not "end" normally with a FIN, the session hangs...

Can you include an example?

