ASA5510 - Transparent mode - Asymmetric routing, TCP state bypass

Jun 16th, 2010

Hi all


I have a problem.


How does the ASA work in transparent mode with asymmetric routing?

I realise that I will need to upgrade to v 8.2.1 since that's the version that TCP state bypass became available in, and I have found some information about it in normal firewall mode.

But how does it work in transparent mode?


The purpose:

I have a network with 2 routers. Towards each of the routers there is a transparent firewall. Any traffic sent through one of the routers may come back through the other router, i.e. asymmetric routing.


Does anyone have information? Configuration examples? Good ideas? Bad ideas? Any ideas?

Jennifer Halim (Cisco Employee), Thu, 06/17/2010 - 08:54

TCP state bypass works in exactly the same way on both routed and transparent firewalls.

The only reason why you would configure TCP state bypass is if inbound and outbound traffic is not passed through the same firewall, hence the firewall will not be checking for the TCP state if the routing is asymmetric.

Disabling TCP state bypass will enhance the performance because the firewall will not check each TCP packet if the connection is already built. By enabling TCP state bypass, the firewall will check each and every TCP packet, which will slightly decrease the firewall performance.


Here is more detailed information on TCP state bypass for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1428242


Hope that helps.
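
An added example, not part of the thread and not Cisco code: a simplified Python model of the two-firewall topology in the question, showing which handshake packet a stateful firewall drops when the return path uses the other firewall, and what changes when state checking is bypassed. The addresses, ports, firewall names and the strict three-step handshake tracker are assumptions made for the model; it does not reproduce ASA internals.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK

@dataclass
class Firewall:
    name: str
    permitted: set            # (src, dst) pairs the ACL allows (constructed)
    state_bypass: bool = False
    conns: dict = field(default_factory=dict)

    def handle(self, p):
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        state = self.conns.get(key)
        if state is None:                       # first packet of this flow here
            if (p.src, p.dst) not in self.permitted:
                return "drop: acl"
            if self.state_bypass:               # any flags may open the flow
                self.conns[key] = "BYPASS"
                return "forward"
            if p.flags != "S":                  # stateful: only a SYN opens one
                return "drop: no connection"
            self.conns[key] = "SYN"
            return "forward"
        if state in ("BYPASS", "EST"):
            return "forward"
        nxt = {("SYN", "SA"): "SYNACK", ("SYNACK", "A"): "EST"}.get((state, p.flags))
        if nxt is None:                         # handshake step this box never saw
            return "drop: out of state"
        self.conns[key] = nxt
        return "forward"

def handshake(bypass_a, bypass_b):
    """Client SYN and ACK leave via fw-a; the server SYN-ACK returns via fw-b."""
    c, s = "10.0.0.5", "192.0.2.10"             # constructed addresses
    acl = {(c, s), (s, c)}
    fw_a = Firewall("fw-a", acl, bypass_a)
    fw_b = Firewall("fw-b", acl, bypass_b)
    steps = [(fw_a, Packet(c, s, 40000, 443, "S")),
             (fw_b, Packet(s, c, 443, 40000, "SA")),
             (fw_a, Packet(c, s, 40000, 443, "A"))]
    log = []
    for fw, p in steps:
        verdict = fw.handle(p)
        log.append((fw.name, p.flags, verdict))
        if verdict != "forward":                # later packets are never sent
            break
    return log
```

In the model the ACL is still evaluated when bypass is on, so the access list on each firewall has to permit the direction that firewall actually sees.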
