10-02-2012 02:40 PM - edited 03-11-2019 05:03 PM
Is there a way to match tcp flags in an access-list on an ASA, e.g.:
match-any +syn +fin +rst
or
match byte[13] eq 2
match byte[13] eq 17
match byte[13] eq 4
?
10-02-2012 03:33 PM
Hello Bradley,
No, that is done on an IOS setup.
The ASA, as it is a stateful firewall by default, does not need that setup; it will perform deep packet inspection of the TCP flags without any configuration required for that.
Julio
10-02-2012 03:40 PM
Thanks, Julio. I would like to filter, in order to reduce the amount of data captured by a packet-capture. Not for security purposes.
For example, when debugging a problem, sometimes it helps to view all flows through an interface; but you don't want to see each packet of every flow. Just seeing the start and end of each TCP flow would be very useful.
10-02-2012 03:56 PM
Hello Bradley,
Got your point but the answer is no.
The ASA will show you the entire connection; you cannot specify on an ACL whether you want to match a RST or a SYN flag on a TCP session.
Julio
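Since the ASA capture ACL cannot test the TCP flags byte, the filtering the original poster describes has to happen after the capture is exported (for example with `copy /pcap capture:` to a TFTP server). The script below is an added example, not code from the thread or from Cisco: it parses Ethernet/IPv4/TCP frames with nothing but the standard library, reads byte[13] of the TCP header exactly as the question's `match byte[13]` lines would, and keeps only the segments that open or close a flow. It includes both the exact-value match the question asked for (`eq 2`, `eq 17`, `eq 4`) and a bit-mask match, and it goes slightly beyond the question to show why the bit mask is the one you actually want: a SYN/ACK is 0x12 and a server's reset to a SYN is normally RST+ACK (0x14), so neither equals 2, 17 or 4. The frames, addresses and ports are constructed sample data, not a real capture.

```python
"""Offline filter for an exported ASA capture: keep only TCP segments whose
flags byte (byte[13] of the TCP header) marks the start or end of a flow."""
import socket
import struct

# Bits of the TCP flags byte (byte[13] of the TCP header).
TCP_FIN = 0x01
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_PSH = 0x08
TCP_ACK = 0x10

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def build_frame(src, dst, sport, dport, flags, payload=b"", proto=IPPROTO_TCP):
    """Assemble a constructed Ethernet/IPv4/TCP (or UDP) frame for the sample.
    Checksums stay zero; the parser below never validates them."""
    if proto == IPPROTO_TCP:
        # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)   # zero MACs, IPv4 ethertype
    return eth + ip + l4


def tcp_flags(frame):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP frame, or None for
    anything else (non-IPv4, non-TCP, or too short to hold the flags byte)."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip_off = ETH_HDR_LEN
    ihl = (frame[ip_off] & 0x0F) * 4            # IP header length honours options
    if frame[ip_off + 9] != IPPROTO_TCP or len(frame) < ip_off + ihl + 14:
        return None
    src = socket.inet_ntoa(frame[ip_off + 12:ip_off + 16])
    dst = socket.inet_ntoa(frame[ip_off + 16:ip_off + 20])
    tcp_off = ip_off + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    flags = frame[tcp_off + 13]                 # byte[13] of the TCP header
    return src, dst, sport, dport, flags


def match_exact(frames, values=(2, 17, 4)):
    """Mirror the question's 'match byte[13] eq N' lines: exact flag-byte values."""
    return [p for p in map(tcp_flags, frames) if p is not None and p[4] in values]


def flow_edges(frames, mask=TCP_SYN | TCP_FIN | TCP_RST):
    """Bit-test the flags byte instead: any SYN, FIN or RST, whatever else is set."""
    return [p for p in map(tcp_flags, frames) if p is not None and p[4] & mask]


def describe(flags):
    names = [(TCP_SYN, "SYN"), (TCP_FIN, "FIN"), (TCP_RST, "RST"),
             (TCP_PSH, "PSH"), (TCP_ACK, "ACK")]
    return "+".join(n for bit, n in names if flags & bit) or "none"


CLIENT, SERVER, OTHER = "10.1.1.10", "192.0.2.80", "10.1.1.11"   # constructed

# Constructed sample: one complete flow, one SYN answered by RST, one UDP datagram.
SAMPLE_FRAMES = [
    build_frame(CLIENT, SERVER, 40000, 80, TCP_SYN),
    build_frame(SERVER, CLIENT, 80, 40000, TCP_SYN | TCP_ACK),
    build_frame(CLIENT, SERVER, 40000, 80, TCP_ACK),
    build_frame(CLIENT, SERVER, 40000, 80, TCP_PSH | TCP_ACK, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame(SERVER, CLIENT, 80, 40000, TCP_PSH | TCP_ACK, b"HTTP/1.0 200 OK\r\n\r\n"),
    build_frame(SERVER, CLIENT, 80, 40000, TCP_FIN | TCP_ACK),
    build_frame(CLIENT, SERVER, 40000, 80, TCP_FIN | TCP_ACK),
    build_frame(SERVER, CLIENT, 80, 40000, TCP_ACK),
    build_frame(OTHER, SERVER, 40001, 443, TCP_SYN),
    build_frame(SERVER, OTHER, 443, 40001, TCP_RST | TCP_ACK),
    build_frame(OTHER, SERVER, 40002, 53, 0, b"\x00", proto=IPPROTO_UDP),
]

if __name__ == "__main__":
    print("exact-value match keeps %d of %d frames"
          % (len(match_exact(SAMPLE_FRAMES)), len(SAMPLE_FRAMES)))
    for src, dst, sport, dport, flags in flow_edges(SAMPLE_FRAMES):
        print("%s:%d -> %s:%d  flags=0x%02x (%s)" % (src, sport, dst, dport, flags, describe(flags)))
```

On the sample the exact-value match keeps four frames and misses both the SYN/ACK and the RST/ACK, while the bit-mask match keeps all six flow edges. The same bit test can be applied to the exported file with tcpdump's capture-filter syntax, `tcp[13] & 7 != 0`, without writing any code; the script is mainly useful when you want to post-process the capture further, for example to print one line per flow.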