I recently upgraded a customer from a PIX 525 (running 7.0 code) to a pair of ASA 5550s in active/standby mode. The ASA runs 8.02. The customer uses a software identity service called Trusted Network Technologies 'Identity', which communicates with a server on the outside of the firewall. The software requires that TCP sequence number randomization be turned off, and that the TCP Urgent flag status is preserved through the firewall.
After upgrading to the ASA, the TNT software no longer functions. The software vendor is telling me that there may be some conflicts in the ACLs used for NAT and the TCP map.
Here is the portion of the config that I believe to be relevant. Any ideas?
access-list global_mpc extended permit ip any y.y.0.0 255.255.0.0
match access-list global_mpc
set connection random-sequence-number disable
set connection advanced-options OCDE-map
global (outside) 101 x.x.x.127 netmask 255.255.255.0
global (outside) 103 x.x.x.129 netmask 255.255.255.0
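For reference, the full Modular Policy Framework chain that the excerpt above is part of, written out as an added example that is not part of the original post. The class-map name OCDE-class, the policy-map name global_policy, the global service-policy attachment and the contents of the tcp-map are assumptions, since the post does not show them; the ACL, the tcp-map name and the two set connection lines are taken from the post.

```cisco
! Added example, not the poster's configuration.
! Names marked (assumed) do not appear in the original post.

! 1. TCP normalizer map. By default the ASA clears the URG flag;
!    "urgent-flag allow" passes it through unchanged.
tcp-map OCDE-map
 urgent-flag allow

! 2. ACL selecting the traffic that gets the relaxed handling (from the post).
!    Keeping this as narrow as possible limits how much traffic loses
!    sequence-number randomization and URG clearing.
access-list global_mpc extended permit ip any y.y.0.0 255.255.0.0

! 3. Class map tying the ACL into MPF (class name assumed).
class-map OCDE-class
 match access-list global_mpc

! 4. Policy map applying both actions to that class (policy name assumed).
policy-map global_policy
 class OCDE-class
  set connection random-sequence-number disable
  set connection advanced-options OCDE-map

! 5. The policy has no effect until it is attached (global attachment assumed).
service-policy global_policy global

! Checks: confirm the class is attached and that its counters
! increment while the identity software is generating traffic.
! show running-config tcp-map
! show running-config policy-map
! show service-policy
```

Because both actions weaken the normalizer's default protections for whatever the ACL matches, a zero hit count on global_mpc while the application is running means the exemption is not being applied to that traffic at all.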
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: