Remove Skinny from one conversation

Unanswered Question
Sep 27th, 2007
User Badges:

We have an ASA 5520 running 7.2(2). I am familiar with the Pix and 6.3 but am just getting to know the ASA and 7.x. Here is my problem. We have an internal user who connects to an outside server via http. Fine no problem, now this http session spawn off another session on tcp port 2000 and this is a problem as the ASA then inspects this session, it is not a "skinny" session so the ASA kills it. If we turn off " inspect skinny" then it works correctly. Global removal of the "inspect skinny" is not an option for us, so how can I selectivtly remove the "inspect skinny" from this one conversion. It seems as if MPF should allow this but I can not seem to find the right combination of "class, policy maps" and service-policy to accomplish the task. Any guidance would be appreciated.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jogillis Wed, 10/03/2007 - 07:11
User Badges:

Turns out to be fairly easy, once you study how MPF works. One access-list, one class-map and an addition to the global policy and you are all set.


This Discussion