Cisco Support Community

New Member

tcp bypass vs asr-group

I am a bit confused on the usage of these two features on the ASA.

Are they meant to achieve the same thing ...

If they differ, can someone highlight their use with any example?

Thanks

Ambi

1 REPLY
Cisco Employee

Re: tcp bypass vs asr-group

These are different features.

TCP state bypass doesn't check the state of TCP connections. For example, if you see a packet that doesn't correspond to the sequence number expected for the TCP conn, the firewall will not drop it like it would do normally.

The ASR groups are for a similar issue but in Active/Active failover. If a packet leaves one unit but the response comes back through the peer unit, the ASR group will allow it even though normally the other unit didn't know about the connection and would have dropped it.

So, they practically correspond to a similar issue but they are different features.

I hope it helps.

PK
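
A configuration sketch of the two features described in the reply above, added as an example and not part of the original posts. The ACL, class-map and policy-map names, the subnets, the context names and the interface names are all constructed for illustration.

```cisco
! --- TCP state bypass: enabled per traffic class through a service policy ---
! Match only the flows known to be asymmetric (constructed subnets), so that
! all other TCP traffic keeps normal stateful inspection.
access-list ASYM_FLOWS extended permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
!
class-map ASYM_CLASS
 match access-list ASYM_FLOWS
!
policy-map ASYM_POLICY
 class ASYM_CLASS
  set connection advanced-options tcp-state-bypass
!
service-policy ASYM_POLICY interface inside
!
! --- ASR group: Active/Active failover, set on the interface in each context ---
! Interfaces that share a group number accept return traffic for a connection
! that was opened through the other interface in the group.
!
! Context ctx1 (hypothetical name, active on the first unit)
interface GigabitEthernet0/0
 nameif outside
 asr-group 1
!
! Context ctx2 (hypothetical name, active on the peer unit), same group number
interface GigabitEthernet0/1
 nameif outside
 asr-group 1
```

With TCP state bypass the matched flows lose stateful TCP checks entirely, which is why the ACL above is kept narrow; `show conn` marks such connections with the `b` flag.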
