11-06-2012 01:59 AM - edited 03-11-2019 05:19 PM
Hi,
I have a problem with allowing this "RELOAD" framing through an ASA. I can get it working if I disable TCP-STATE checking.
Can anyone confirm if this "protocol" is something that the ASA is capable of interpreting?
I have attached some captures of both working and failing scenarios.
DST Port is 2000. The end device is supposed to respond to a tcp payload of "01 08 00 00 00 00 00 00 F6"
The pass has state bypassing enabled.
Thanks in Advance.
Mark Tegg
11-07-2012 01:09 AM
Mark,
AFAIR we're using TCP proxy mostly for inspected flows (to make sure that packets are processed in order etc).
I'm not aware you need to disable it once inspection is disabled.
Would you mind opening a TAC case so we can get more information?
As one of the steps we need to get trace details captures to see what exactly is going wrong.
M.
11-06-2012 08:02 AM
Mark,
Truth be told I have little-to-no knowledge on RELOAD protocol, but I do know that by default TCP/2000 is used by skinny.
Enabling TCP state bypass has added benefit of bypassing inspection engines (maybe you had skinny inspection on before?)
In any case you can always open up a TAC case so we can dig into this.
M.
11-06-2012 06:39 PM
Thanks Marcin,
I did have Skinny inspect active. I have attempted to disable it, but still have issue.
With skinny inspect enabled it seems to hang in the tcp-proxy buffer and once connection closed it drops the packets.
Before connect
tcp-proxy: bytes in buffer 0, bytes dropped 0
During connect
tcp-proxy: bytes in buffer 9, bytes dropped 0
After disconnect
tcp-proxy: bytes in buffer 0, bytes dropped 9
I assume that with inspect for skinny disabled that it is still using tcp-proxy (no stats though)
Is there a way to disable this tcp-proxy?
Thanks again.
Mark
11-07-2012 08:27 PM
I will do, thanks