02-01-2009 06:56 PM - edited 02-21-2020 03:15 AM
Hi, all
I have one ASA 5510 with software 7.0, configured as a transparent firewall. Now I want to disable its stateful check. Can anyone tell me whether it supports this feature? If it's a routed firewall, can it support it, and what is the command?
Many thanks
Tao
02-02-2009 06:07 PM
The only way to disable the STATE check on the ASA (bypass the 3-way handshake, for example) is to use the static NAT command with the "nailed" option as well as the failover timeout.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075
02-02-2009 11:51 PM
imartino
Many thanks for your reply.
1. From the explanation, it says nailed is used with the 'failover timeout' command. What does that mean? I just want to disable the state check, so that asymmetric route traffic can pass through the PIX. Can it support that?
BTW, I'd like to know whether it can be used in transparent mode, since it doesn't have the 'static' command.
2. It seems the following command is related to the TCP state check.
invalid-ack {allow | drop}
Am I right?
Any reply is much appreciated!
Tao
02-03-2009 07:10 AM
Regardless of transparent firewall, statics are supported, and the failover timeout is a requirement when enabling the "nailed" option. Please take a look at the command reference:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075