
New Member

Permitting SCTP traffic on an ASA 5500

Hi,

I have an ASA 5500 connected to 3 zones: 1. the user access zone, 2. the server access zone and 3. the internet zone. Now I need to permit SCTP traffic with port 7777 etc. between the user access zone and the server access zone.

The customer does not want any IP-to-IP based flow, and since SCTP is categorized as neither TCP nor UDP, how do I create the ACL for this?

I am not able to even group these ports using

"object-group service permit_sctp_ports"

command.

Could you please help me with this.

5 REPLIES

Re: Permitting SCTP traffic on an ASA 5500

I don't believe the ASA supports SCTP. You'll have to encapsulate it into UDP then ACL and inspect as normal.

New Member

Re: Permitting SCTP traffic on an ASA 5500

Hi Collin,

If I am to proceed with your approach of encapsulating the SCTP packet into UDP in order to permit/restrict/inspect the flow, could you please walk me through the configs required for this?

Re: Permitting SCTP traffic on an ASA 5500

I'm afraid I don't have much experience with the SCTP protocol. Once it is encapsulated into UDP, I can help you get the traffic through the firewall.

New Member

Re: Permitting SCTP traffic on an ASA 5500

Darn! I've been struggling with this for quite a while. If it's encapsulated into UDP I can handle the traffic flow; the problem now changes to "How do I encapsulate a packet (SCTP or likewise) into a UDP packet?" Is it possible to do the encapsulation on an ASA?

Re: Permitting SCTP traffic on an ASA 5500

Afraid not. I believe it needs to be done on the client side.
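The point the thread circles around is that SCTP is its own IP protocol (protocol number 132), not a TCP or UDP service, so a `tcp`/`udp` service object-group cannot describe it. The following is an added example written for this page, not configuration posted by anyone in the thread or shipped by Cisco. It assumes two constructed zone networks, an interface named `users`, and the application port 7777 from the question. The first option matches SCTP by IP protocol number, which any ASA release accepts in an extended ACL but cannot constrain by port; the second uses the `sctp` keyword that later ASA software added for service objects and ACLs, which allows the port to be restricted as the customer wants.

```cisco
! Added example (not from the thread): two ways to permit SCTP on an ASA.
! The address ranges are constructed placeholders for the two zones.
object-group network USER_ZONE
 network-object 10.10.0.0 255.255.0.0
object-group network SERVER_ZONE
 network-object 10.20.0.0 255.255.0.0
!
! Option 1: any ASA release. SCTP is IP protocol 132, so an extended ACL can
! match it by protocol number. No port can be specified this way, so this is
! a host/network-level rule, not a per-service rule.
access-list USER_TO_SERVER extended permit 132 object-group USER_ZONE object-group SERVER_ZONE
!
! Option 2: ASA releases that support SCTP access control. The generic
! service object-group (no tcp/udp keyword after the group name) can hold
! an sctp entry with a destination port, and the ACL references the group.
object-group service SCTP_APP_PORTS
 service-object sctp destination eq 7777
access-list USER_TO_SERVER extended permit object-group SCTP_APP_PORTS object-group USER_ZONE object-group SERVER_ZONE
!
! Explicit logged deny so anything else between the zones is visible.
access-list USER_TO_SERVER extended deny ip any any log
access-group USER_TO_SERVER in interface users
```

Apply only one of the two options in practice; option 1 is the fallback where the software rejects `sctp` as a protocol keyword. `show access-list USER_TO_SERVER` shows per-entry hit counts, which is the quickest way to confirm that SCTP flows are landing on the intended line rather than the final deny.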
