05-11-2012 10:02 AM - edited 03-11-2019 04:05 PM
Hi,
I have to pass STT traffic through a Cisco ASA (details on STT are here http://tools.ietf.org/html/draft-davie-stt).
STT traffic looks like TCP traffic (i.e. it uses IP protocol 6 and is sent to a specific destination port) but is stateless. It doesn't perform TCP handshake, i.e. TCP flags are used differently same goes for sequence numbers.
Is there any way to disable to regular TCP handshake and sequence numbers checks? I saw that there might be a chance to do something for the handshake with the embryotic connection limit but I'm not sure about the sequence numbers.
Assume ASA 8.6.
Thanks,
Ben
Solved! Go to Solution.
05-12-2012 02:10 AM
Hi,
You can configure tcp state bypass only for this traffic, for the rest the firewall would check the tcp state of the packet, here is the doc:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-12-2012 02:10 AM
Hi,
You can configure tcp state bypass only for this traffic, for the rest the firewall would check the tcp state of the packet, here is the doc:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: