06-19-2013 10:37 AM - edited 03-11-2019 07:00 PM
Hi All,
Wondering if TCP state bypass can be applied on a Cisco router-based IOS firewall (ip inspection).
Thanks!
06-19-2013 03:02 PM
Hello,
TCP State Bypass is only on ASAs; I don't think there is something similar on CBAC (ip inspect).
You may need to migrate to ZBF.
With Zone Based Firewall, you can inspect, pass or drop traffic.
I hope it helps.
Regards,
Felipe.
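The three Zone Based Firewall actions mentioned in the reply above, shown as an added example that is not part of the original thread. Zone names, class and policy names, the ACL, the subnets and the interface names are all constructed assumptions. Because `pass` is stateless, the flow is permitted explicitly in both zone-pairs.

```cisco
! Constructed example: all names, subnets and interfaces are assumptions.
! Flow that must skip stateful inspection (both directions listed).
ip access-list extended ACL-ASYM-TCP
 permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 permit tcp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
class-map type inspect match-all CM-ASYM-TCP
 match access-group name ACL-ASYM-TCP
class-map type inspect match-any CM-STATEFUL
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! INSIDE -> OUTSIDE: pass the asymmetric flow, inspect the rest, drop anything else.
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-ASYM-TCP
  pass
 class type inspect CM-STATEFUL
  inspect
 class class-default
  drop
!
! OUTSIDE -> INSIDE: "pass" creates no session, so return packets of the
! asymmetric flow need their own pass rule. Inspected sessions do not.
policy-map type inspect PM-OUT-TO-IN
 class type inspect CM-ASYM-TCP
  pass
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
!
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-TO-OUT
zone-pair security ZP-OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUT-TO-IN
!
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
```

Keeping the ACL behind the `pass` class as narrow as possible limits how much traffic loses TCP state checking.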
06-20-2013 08:14 AM
Thanks for your reply.
Thinking of using a reflexive ACL instead of stateful inspection.
Would it increase load on the CPU significantly?
I see that an entry is created every time a packet traverses the interface where the reflexive access-list is in the out state.
Even in both directions.
06-20-2013 03:30 PM
Hi,
I'm not an expert on reflexive ACLs but I don't think this will increase the CPU much.
Regards,
Felipe.