Cisco Support Community
New Member

Overriding Stateful Inspection Policy between 2 Networks (or interfaces)

Hi All,

Using ASA 7.x, is it possible NOT to inspect traffic (act only as router) between 2 Networks?

We have this case of a primary and secondary site where communication is required between primary and secondary site, using a dedicated interface on Firewall without any "stateful firewalling".

3 REPLIES
New Member

Re: Overriding Stateful Inspection Policy between 2 Networks (or

Since the PIX is a dedicated stateful firewall, you cannot disable stateful firewalling in it. And if you don't need stateful firewalling, then why do you have the PIX with you?

regards

sebastan

Cisco Employee

Re: Overriding Stateful Inspection Policy between 2 Networks (or

Clarify what you mean by "stateful firewalling". If you want to disable the TCP state checks, then this is possible, but we cannot disable all checks, like IP header checks, options checks, etc. But if you just want to disable the requirement for symmetric traffic, windowing, etc., then this is possible.

Sincerely,

David.

New Member

Re: Overriding Stateful Inspection Policy between 2 Networks (or

Let's say that TCP state checks is what we are trying to achieve.

We are dealing with a protocol that uses dedicated ports per client and at any stage the server may choose to communicate with the client on the specific client port. So what we noticed is that sometimes if a connection does not "end" normally with a FIN the session hangs...

Can you include an example?
