
ASA5510 - Transparent mode - Asymmetric routing, TCP state bypass

Hi all

I have a problem.

How does the ASA work in transparent mode with asymmetric routing?

I realise that I will need to upgrade to v 8.2.1 since that's the version that TCP state bypass became available in.

And I have found some information about it in normal firewall mode.

But how does it work in transparent mode?

The purpose:

I have a network with 2 routers. Towards each of the routers there is a transparent firewall, and any traffic sent through one of the routers may come back through the other router, i.e. asymmetric routing.

Does anyone have information? Configuration examples? Good ideas? Bad ideas? Any ideas?

Cisco Employee

Re: ASA5510 - Transparent mode - Asymmetric routing, TCP state by

TCP state bypass works in exactly the same way on both routed and transparent firewalls.

The only reason why you would configure TCP state bypass is if inbound and outbound traffic is not passed through the same firewall, hence the firewall will not be checking for the TCP state if the routing is asymmetric.

Disabling TCP state bypass will enhance performance because the firewall will not check for each TCP packet whether the connection is already built. With TCP state bypass enabled, the firewall will check each and every TCP packet, which will slightly decrease firewall performance.

Here is more detailed information on TCP state bypass for your reference:

Hope that helps.
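
The topology from the question, as an added example that is not part of the original thread and is not ASA code: a simplified Python model of two stateful firewalls that share no connection state, showing why the returning SYN-ACK is dropped on the second firewall and what a bypass rule changes. The addresses, the `Firewall` class and the rule that bypass matches when either endpoint falls in a listed network are assumptions made for illustration; ACLs are not modelled.

```python
# Added example: simplified model, not ASA code. All addresses are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK

    def flow(self):
        # Direction-independent connection key
        return frozenset({(self.src, self.sport), (self.dst, self.dport)})


@dataclass
class Firewall:
    name: str
    bypass: tuple = ()  # networks exempt from TCP state checks (assumed match rule)
    conns: set = field(default_factory=set)

    def inspect(self, seg):
        ends = (ip_address(seg.src), ip_address(seg.dst))
        if any(e in ip_network(n) for n in self.bypass for e in ends):
            return "permit (state bypass)"
        if seg.flags == "S":
            self.conns.add(seg.flow())
            return "permit (new connection)"
        if seg.flow() in self.conns:
            return "permit (existing connection)"
        return "drop (no connection entry)"


def asymmetric_handshake(fw_out, fw_back):
    """SYN leaves through fw_out; the SYN-ACK returns through fw_back."""
    syn = Segment("10.1.1.10", 40000, "198.51.100.5", 443, "S")
    syn_ack = Segment("198.51.100.5", 443, "10.1.1.10", 40000, "SA")
    return fw_out.inspect(syn), fw_back.inspect(syn_ack)


if __name__ == "__main__":
    print(asymmetric_handshake(Firewall("A"), Firewall("B")))
    nets = ("10.1.1.0/24",)
    print(asymmetric_handshake(Firewall("A", nets), Firewall("B", nets)))
    # Trade-off: a segment belonging to no connection is also passed under bypass
    stray = Segment("203.0.113.9", 5555, "10.1.1.10", 22, "A")
    print(Firewall("B", nets).inspect(stray), "|", Firewall("B").inspect(stray))
```

The last line shows the cost of bypass: for the matched networks the firewall no longer rejects segments that belong to no tracked connection, so the bypass match should be kept as narrow as the asymmetric flows require.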
