
ASA Firewall error while adding SCTP in ACCESS LIST

HARIS_HUSSAIN
VIP Alumni

In ASA, when I try to add the SCTP protocol, ASDM gives the error below. Can anyone help me understand the SCTP options in ASA and why it does not work?

SCTP-PROTOCOL-1.PNG

 

 SCTP-ERROR-2.PNG

7 Replies

Sheraz.Salim
VIP Alumni

You need to define a host/object network/object-group.

 

For example:

 

access-list inside_in extended permit sctp any host 192.168.x.x

You cannot have access-list inside_in extended permit sctp any any

Please do not forget to rate.

I tried with the SCTP command, but the ASA is unable to identify the SCTP protocol.


ciscoasa(config)# access-l TEST-1 ext permit sctp any host 192.168.10.1
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# access-l TEST-1 ext permit s?

configure mode commands/options:
snp
ciscoasa(config)# access-l TEST-1 ext permit sctp ?
ERROR: % Unrecognized command
ciscoasa(config)# access-l TEST-1 ext permit sctp

What ASA version are you running?

I tested this command on 9.8 and it is working.

Please do not forget to rate.

It looks like SCTP protocol support was added in ASA v9.5, release notes.

 

As has Radio_City, I've confirmed it works on my image (9.9)

 

HTH

 

Mine is Software Version 9.1

What hardware are you running? If it's too old (5505, 5510, 5520 etc) it may not support the newer firmware versions.

Just to add to what RJI said:

 

Check this matrix of software in regards to firewall hardware:

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_59423

Please do not forget to rate.