https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217005#M418409 <HTML><HEAD></HEAD><BODY><P>The only way to disable the STATE check on the ASA (bypass the 3 way handshake for example) is to use the static nat command with the "nailed" option as well as the failover timeout </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075</A></P></BODY></HTML> Tue, 03 Feb 2009 02:07:35 GMT Ivan Martinon 2009-02-03T02:07:35Z https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217004#M418407 <P>Hi, all</P><P></P><P>I have one ASA 5510 with software 7.0, configurated as transparent firewall. Now I want to disable its stateful check, Anyone can tell me whether it support this feature? If its a routed firewall,can it support, And what is the command?</P><P></P><P>Very Thanks</P><P></P><P>Tao</P> Fri, 21 Feb 2020 11:15:20 GMT https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217004#M418407 hetao1601 2020-02-21T11:15:20Z https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217005#M418409 <HTML><HEAD></HEAD><BODY><P>The only way to disable the STATE check on the ASA (bypass the 3 way handshake for example) is to use the static nat command with the "nailed" option as well as the failover timeout </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075</A></P></BODY></HTML> Tue, 03 Feb 2009 02:07:35 GMT https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217005#M418409 Ivan Martinon 2009-02-03T02:07:35Z https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217006#M418410 <HTML><HEAD></HEAD><BODY><P>imartino</P><P></P><P>Very thanks for your reply.</P><P></P><P>1. From the explanation, it said nailed is used with 'failover timeout' command. What is that mean? I just want to disable the state check, so that asymmetric route traffic can pass through the pix. Can it support that? </P><P></P><P>BTW, I'd like to know whether it can be used on the transparent mode since it doesn't have the 'static' command.</P><P></P><P>2. It seem the following command is related with tcp state check.</P><P> invalid-ack {allow | drop} </P><P> Am I right?</P><P></P><P>Any reply is very appreciated!</P><P></P><P>Tao</P><P></P><P></P><P></P><P></P></BODY></HTML> Tue, 03 Feb 2009 07:51:31 GMT https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217006#M418410 hetao1601 2009-02-03T07:51:31Z https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217007#M418412 <HTML><HEAD></HEAD><BODY><P>Regardless of transparent firewall statics are supported, and the failover timeout is a requirement when enabling "nailed" option. please take a look at the command reference:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075</A></P></BODY></HTML> Tue, 03 Feb 2009 15:10:39 GMT https://community.cisco.com/t5/network-security/can-pix-asa-disable-stateful-check/m-p/1217007#M418412 Ivan Martinon 2009-02-03T15:10:39Z