
ASA5510 - Transparent mode - Asymmetric routing, TCP state bypass

hobbe
Level 7

Hi all

I have a problem.

How does the ASA work in transparent mode with asymmetric routing?

I realise that I will need to upgrade to v 8.2.1 since that's the version that TCP state bypass became available in.

And I have found some information about it in normal firewall mode.

But how does it work in transparent mode?

The purpose:

I have a network with 2 routers, towards each of the routers there is a transparent firewall, any traffic sent through one of the routers may come back through the other router, i.e. asymmetric routing.

Does anyone have information? Configuration examples? Good ideas? Bad ideas? Any ideas?

1 Reply 1

Jennifer Halim
Cisco Employee

TCP state bypass works exactly in the same way on both routed and transparent firewalls.

The only reason why you would configure TCP state bypass is if traffic inbound and outbound is not passed through the same firewall, hence the firewall will not be checking for the TCP state if the routing is asymmetric.

Disabling the TCP state bypass will enhance the performance because the firewall will not check for each TCP packet if the connection is already built. By enabling TCP state bypass, the firewall will check each and every TCP packet, which will slightly decrease the firewall performance.

Here is more detailed information on TCP state bypass for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s1.html#wp1428242

Hope that helps.
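
A configuration sketch for the two-firewall setup in the question, added here as an example; it is not from either poster or from the linked Cisco reference. The object names, the `inside`/`outside` interface names and the two subnets are constructed placeholders, and the same block would be applied on both transparent firewalls with the bypass limited to the prefixes that are actually routed asymmetrically.

```cisco
! Added example, not from the thread. Names and addresses are constructed.
! Assumption: 10.10.10.0/24 is the local network and 10.20.20.0/24 is the
! remote network whose replies may return through the other router.

! Match only the asymmetric prefixes, in both directions, so that all
! other TCP traffic keeps normal stateful inspection.
access-list ASYM_BYPASS extended permit tcp 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list ASYM_BYPASS extended permit tcp 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0

class-map ASYM_BYPASS_CLASS
 description TCP flows that may leave and return through different firewalls
 match access-list ASYM_BYPASS

policy-map ASYM_BYPASS_POLICY
 class ASYM_BYPASS_CLASS
  ! Available from ASA 8.2(1): skip TCP state tracking for matching flows
  set connection advanced-options tcp-state-bypass

! Apply on both interfaces so a flow is matched whichever side its first
! packet is seen on (a reply can arrive here without the SYN).
service-policy ASYM_BYPASS_POLICY interface outside
service-policy ASYM_BYPASS_POLICY interface inside

! The interface access lists (access-group) must still permit this traffic
! in both directions; the bypass does not replace the ACL check.
```

After applying it, `show conn` marks bypassed connections with the `b` flag, which confirms that only the intended flows skip state tracking.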
