Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3924
Views
5
Helpful
2
Replies

is ASA Stateless?

aehtibarov
Level 1
Level 1

‎02-17-2021 07:06 AM

I Have asa 5508 with firepower module. Trafik goes inside to outside, Pat is active, and when respond came back to firewall, firewall drops it. I added acl to outside interface in. It worked. Is ASA stateless or does firepower module block it ?

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎02-17-2021 08:08 AM

The ASA is a stateful firewall. Through configuration you can force a stateless operation, but this is typically not done.

Without any more information it is hard to tell what dropped the traffic. But this is what my crystal ball says:

You are testing with a PING. The statefully inspected protocols are only TCP and UDP, ICMP by default is not. The moment you test with "real" traffic it will work. For ICMP you can use the following command to make that also stageful:

fixup protocol icmp

rafail.sharifov
Level 1
Level 1

‎02-17-2021 10:14 PM

@Karsten Iwen Thank you,. it was really helpfull. The actual problem was routing. The packet that coming back to outside once untranslate and shows route to outside)). 

fixup protocol icmp 
helped me to check ping result from other source
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card