Cisco Support Community

ASA5510 - Transparent mode - Asymmetric routing, TCP state bypass

Hi all

I have a problem.

How does the ASA work in transparent mode with asymmetric routing?

I realise that I will need to upgrade to v8.2.1, since that's the version that TCP state bypass became available in.

And I have found some information about it in normal firewall mode.

But how does it work in transparent mode?

The purpose:

I have a network with 2 routers. Towards each of the routers there is a transparent firewall, and any traffic sent through one of the routers may come back through the other router, i.e. asymmetric routing.

Does anyone have information? Configuration examples? Good ideas? Bad ideas? Any ideas?

1 REPLY
Cisco Employee

Re: ASA5510 - Transparent mode - Asymmetric routing, TCP state by

TCP state bypass works in exactly the same way on both routed and transparent firewalls.

The only reason why you would configure TCP state bypass is if inbound and outbound traffic is not passed through the same firewall; hence the firewall will not be checking the TCP state if the routing is asymmetric.

Disabling TCP state bypass will enhance the performance, because the firewall will not check for each TCP packet whether the connection is already built. By enabling TCP state bypass, the firewall will check each and every TCP packet, which will slightly decrease the firewall performance.

Here is more detailed information on TCP state bypass for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1428242

Hope that helps.
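
A scoped TCP state bypass configuration for the two-firewall setup described in the question, added here as an example and not taken from either post. The subnets, object names and the interface name `outside` are assumptions; the same policy would go on both transparent firewalls, since either one may see only one direction of a connection.

```cisco
! Example values (assumed): local hosts 10.1.1.0/24, remote network 10.2.2.0/24.
! Match only the flows that can really take asymmetric paths, in both
! directions, because the first packet this firewall sees may be the
! outbound SYN or the returning SYN-ACK. Avoid "permit tcp any any" here:
! every flow in this class loses TCP state checking.
access-list TCP_BYPASS_ACL extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list TCP_BYPASS_ACL extended permit tcp 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
!
class-map TCP_BYPASS_CLASS
 description Flows that may return through the other firewall
 match access-list TCP_BYPASS_ACL
!
policy-map TCP_BYPASS_POLICY
 class TCP_BYPASS_CLASS
  set connection advanced-options tcp-state-bypass
!
! Applied per interface so an existing global policy is left untouched.
service-policy TCP_BYPASS_POLICY interface outside
!
! Check: connections handled by the bypass show the "b" flag.
! show conn
```

The interface access lists still decide which packets are permitted; only the TCP state checks are skipped for flows in this class, so keep the matched address ranges as narrow as the routing design allows.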
