Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1041
Views
5
Helpful
1
Replies

Ignoring TCP handshake & Sequence Numbers for STT Traffic

Go to solution
bbasler
Level 1
Level 1

‎05-11-2012 10:02 AM - edited ‎03-11-2019 04:05 PM

Hi,

I have to pass STT traffic through a Cisco ASA (details on STT are here http://tools.ietf.org/html/draft-davie-stt).

STT traffic looks like TCP traffic (i.e. it uses IP protocol 6 and is sent to a specific destination port) but is stateless. It doesn't perform TCP handshake, i.e. TCP flags are used differently same goes for sequence numbers.

Is there any way to disable to regular TCP handshake and sequence numbers checks? I saw that there might be a chance to do something for the handshake with the embryotic connection limit but I'm not sure about the sequence numbers.

Assume ASA 8.6.

Thanks,

Ben

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10

‎05-12-2012 02:10 AM

Hi,

You can configure tcp state bypass only for this traffic, for the rest the firewall would check the tcp state of the packet, here is the doc:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml

Hope  that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

View solution in original post

1 Reply 1

Go to solution
varrao
Level 10
Level 10

‎05-12-2012 02:10 AM

Hi,

You can configure tcp state bypass only for this traffic, for the rest the firewall would check the tcp state of the packet, here is the doc:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml

Hope  that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card