topic Re: How we can Scheule TCP connect in ciscoASA IOS 9.* Version in Network Security https://community.cisco.com/t5/network-security/how-we-can-scheule-tcp-connect-in-ciscoasa-ios-9-version/m-p/5273755#M1120202 <P>For TCP scheduling on Cisco ASA with IOS 9.*, you can't utilize IP SLA or IP MONITOR because they are not supported on ASA appliances, but a decent workaround is to route the traffic to a router that is connected and supports these commands to generate periodic TCP packets. Another alternative is to activate TCP Keepalive on the ASA to keep it open, or utilize a customized script on a separate appliance to generate TCP packets on a periodic interval. Third-party monitoring tools like SolarWinds or PRTG can also be used to generate simulated traffic and keep the tunnel open.-zone traffic with a zone-pair configuration in the Zone-Based Firewall (ZBF). As a workaround, you can use internal DNS to resolve fish.example.com to 10.0.0.107 so that local clients do not require hairpin NAT, or you can use a NAT loopback configuration if your platform supports it. Also, verify and update your ZBF rules to permit intra-zone traffic explicitly.</P> Fri, 21 Mar 2025 04:23:59 GMT sdroy 2025-03-21T04:23:59Z How we can Scheule TCP connect in ciscoASA IOS 9.* Version https://community.cisco.com/t5/network-security/how-we-can-scheule-tcp-connect-in-ciscoasa-ios-9-version/m-p/5273686#M1120200 <P>Hi ALL,</P> <P>&nbsp;</P> <P>IP SLA,IP MONITOR these commands are not working in asa firewall,is there any alternate to schedule tcp traffic to bring tunnel up. or else can we&nbsp;send traffic from router through asa firewall to destination to bring tunnel up is this works.</P> <P>&nbsp;</P> <P>Thanks</P> Fri, 21 Mar 2025 04:21:26 GMT https://community.cisco.com/t5/network-security/how-we-can-scheule-tcp-connect-in-ciscoasa-ios-9-version/m-p/5273686#M1120200 srikanth-setty 2025-03-21T04:21:26Z Re: How we can Scheule TCP connect in ciscoASA IOS 9.* Version https://community.cisco.com/t5/network-security/how-we-can-scheule-tcp-connect-in-ciscoasa-ios-9-version/m-p/5273755#M1120202 <P>For TCP scheduling on Cisco ASA with IOS 9.*, you can't utilize IP SLA or IP MONITOR because they are not supported on ASA appliances, but a decent workaround is to route the traffic to a router that is connected and supports these commands to generate periodic TCP packets. Another alternative is to activate TCP Keepalive on the ASA to keep it open, or utilize a customized script on a separate appliance to generate TCP packets on a periodic interval. Third-party monitoring tools like SolarWinds or PRTG can also be used to generate simulated traffic and keep the tunnel open.-zone traffic with a zone-pair configuration in the Zone-Based Firewall (ZBF). As a workaround, you can use internal DNS to resolve fish.example.com to 10.0.0.107 so that local clients do not require hairpin NAT, or you can use a NAT loopback configuration if your platform supports it. Also, verify and update your ZBF rules to permit intra-zone traffic explicitly.</P> Fri, 21 Mar 2025 04:23:59 GMT https://community.cisco.com/t5/network-security/how-we-can-scheule-tcp-connect-in-ciscoasa-ios-9-version/m-p/5273755#M1120202 sdroy 2025-03-21T04:23:59Z