03-27-2019 02:22 PM - edited 02-21-2020 08:59 AM
While looking at Wireshark captures for users who use some app on a machine that communicates with some remote server, I noticed multiple remote IPs. Would these IPs need to be added to an ACL as well if they are part of the same TCP connection?
03-27-2019 02:58 PM
Yes. The ASA builds 5-tuple connections based on source IP, destination IP, protocol, source port and destination port. If any of these is different in a packet, it counts as a new connection. Your ACLs would need to be built accordingly.
03-27-2019 05:55 PM
03-27-2019 03:49 PM
bluebelt,
What does your ACL look like that permits this traffic? And if the destination changes, it is not part of the same connection anymore.
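An added illustration of the 5-tuple point made in the replies above (not part of any poster's message and not Cisco code): it collapses capture rows into 5-tuple connections and lists the distinct destinations an outbound ACL would have to permit. The packet rows, the client address `10.1.1.50` and the ACL name `APP_OUT` are constructed for the example, and the client is assumed to initiate every connection.

```python
from collections import namedtuple

# Constructed sample rows, as if exported from a Wireshark capture:
# (src_ip, src_port, dst_ip, dst_port, protocol)
PACKETS = [
    ("10.1.1.50", 51000, "203.0.113.10", 443, "tcp"),    # client -> server A
    ("203.0.113.10", 443, "10.1.1.50", 51000, "tcp"),    # reply, same connection
    ("10.1.1.50", 51000, "203.0.113.10", 443, "tcp"),    # more data, same connection
    ("10.1.1.50", 51001, "203.0.113.10", 443, "tcp"),    # new source port: new connection
    ("10.1.1.50", 51002, "198.51.100.20", 443, "tcp"),   # new remote IP: new connection
    ("198.51.100.20", 443, "10.1.1.50", 51002, "tcp"),   # reply, same connection
    ("10.1.1.50", 51003, "198.51.100.20", 8443, "tcp"),  # new remote port: new connection
    ("192.0.2.7", 40000, "192.0.2.8", 22, "tcp"),        # unrelated host, ignored
]

Conn = namedtuple("Conn", "src_ip src_port dst_ip dst_port proto")


def connections(packets, client_ip):
    """Collapse packets into unique 5-tuples, oriented client -> server."""
    seen = []
    for src, sport, dst, dport, proto in packets:
        if client_ip not in (src, dst):
            continue  # traffic that does not involve the client
        if src != client_ip:
            # Return traffic: flip it to the initiator's orientation so it
            # maps onto the connection entry the first packet created.
            src, sport, dst, dport = dst, dport, src, sport
        conn = Conn(src, sport, dst, dport, proto)
        if conn not in seen:
            seen.append(conn)
    return seen


def acl_destinations(conns):
    """Distinct (proto, dst_ip, dst_port) the ACL must permit.

    The client's ephemeral source port changes per connection, so the
    entries match on destination only.
    """
    return sorted({(c.proto, c.dst_ip, c.dst_port) for c in conns})


def asa_lines(conns, client_ip, acl_name="APP_OUT"):  # acl_name is hypothetical
    """Render one extended ACL permit line per distinct destination."""
    return [
        f"access-list {acl_name} extended permit {proto} "
        f"host {client_ip} host {ip} eq {port}"
        for proto, ip, port in acl_destinations(conns)
    ]
```

Four connections come out of the sample capture, but only three ACL entries, because two of the connections differ only in the client's source port.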
03-27-2019 05:54 PM