Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remove Skinny from one conversation

We have an ASA 5520 running 7.2(2). I am familiar with the Pix and 6.3 but am just getting to know the ASA and 7.x. Here is my problem. We have an internal user who connects to an outside server via http. Fine no problem, now this http session spawn off another session on tcp port 2000 and this is a problem as the ASA then inspects this session, it is not a "skinny" session so the ASA kills it. If we turn off " inspect skinny" then it works correctly. Global removal of the "inspect skinny" is not an option for us, so how can I selectivtly remove the "inspect skinny" from this one conversion. It seems as if MPF should allow this but I can not seem to find the right combination of "class, policy maps" and service-policy to accomplish the task. Any guidance would be appreciated.

Thanks

1 REPLY
New Member

Re: Remove Skinny from one conversation

Turns out to be fairly easy, once you study how MPF works. One access-list, one class-map and an addition to the global policy and you are all set.

112
Views
0
Helpful
1
Replies
CreatePlease login to create content