Is there a way to match tcp flags in an access-list on an ASA, e.g.:
match-any +syn +fin +rst
or
match byte[13] eq 2
match byte[13] eq 17
match byte[13] eq 4
?
Hello Bradley,
No, that is done on an IOS setup.
The ASA, as it's a stateful firewall, by default does not need that setup; it will perform a deep packet inspection of the TCP flags without any configuration required for that.
Julio
Thanks, Julio. I would like to filter, in order to reduce the amount of data captured by a packet-capture. Not for security purposes.
For example, when debugging a problem, sometimes it helps to view all flows through an interface; but you don't want to see each packet of every flow. Just seeing the start and end of each TCP flow would be very useful.
Hello Bradley,
Got your point but the answer is no.
The ASA will show you the entire connection; you cannot specify on an ACL whether you want to match a RST or a SYN flag on a TCP session.
Julio
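Since the flag matching Bradley asks for cannot be expressed in the ASA ACL that a capture uses, the usual workaround is to take the full capture off the box and filter it on a workstation. The script below is an added example, not code from the thread or from Cisco: it parses a classic Ethernet pcap with only the standard library, reads byte 13 of the TCP header (the flags byte Bradley's "match byte[13]" lines refer to, where 2 = SYN, 4 = RST and 17 = 0x11 = FIN+ACK) and keeps only the segments that open or close a flow. The pcap it runs on is constructed inline for the demo; the hostnames, ports and addresses in it are made up.

```python
"""Off-box filter for a full ASA capture: keep only TCP segments whose flag
byte (offset 13 of the TCP header) has SYN, FIN or RST set, so the capture
collapses to the start and end of each flow. Added example, not Cisco code."""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
FLAG_NAMES = ((FIN, "FIN"), (SYN, "SYN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK"))


def parse_pcap(data):
    """Yield (ts_sec, ts_usec, frame_bytes) per record of a classic pcap file."""
    magic = data[:4]
    if magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    elif magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are supported")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def tcp_flags(frame):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType IPv4 only
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:  # version 4, protocol TCP
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:  # non-first fragment: no TCP header
        return None
    tcp = ip[(ip[0] & 0x0F) * 4:]
    if len(tcp) < 14:  # need at least up to the flags byte
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    return src, dst, sport, dport, tcp[13]


def flag_names(flags):
    return "+".join(name for bit, name in FLAG_NAMES if flags & bit)


def flow_edges(pcap_bytes, mask=SYN | FIN | RST):
    """Return (ts_sec, src, sport, dst, dport, flags) for segments matching mask."""
    edges = []
    for ts_sec, _ts_usec, frame in parse_pcap(pcap_bytes):
        parsed = tcp_flags(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        if flags & mask:
            edges.append((ts_sec, src, sport, dst, dport, flag_names(flags)))
    return edges


# --- constructed sample capture (not a real ASA capture) -------------------
def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left zero on purpose."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_pcap(frames):
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


C, S = "10.0.0.5", "192.0.2.10"
SAMPLE_PCAP = build_pcap([
    build_frame(C, S, 40000, 443, SYN), build_frame(S, C, 443, 40000, SYN | ACK),
    build_frame(C, S, 40000, 443, ACK), build_frame(C, S, 40000, 443, PSH | ACK, b"GET"),
    build_frame(S, C, 443, 40000, ACK), build_frame(S, C, 443, 40000, FIN | ACK),
    build_frame(C, S, 40000, 443, ACK), build_frame(C, S, 40000, 443, FIN | ACK),
    build_frame(S, C, 443, 40000, ACK), build_frame(C, S, 40001, 22, RST),
])

if __name__ == "__main__":
    for ts, src, sport, dst, dport, names in flow_edges(SAMPLE_PCAP):
        print(f"{ts} {src}:{sport} -> {dst}:{dport} [{names}]")
```

On the ten-packet sample this prints five lines (SYN, SYN+ACK, the two FIN+ACKs and the RST), which is the "start and end of each flow" view the question asks for. On a real capture, replace SAMPLE_PCAP with the bytes of the file copied off the ASA. If tcpdump or Wireshark is available, the same selection is the classic BPF expression `tcp[13] & 7 != 0` (SYN, FIN and RST are the low three bits of that byte); the script is only for hosts where you want to do it without those tools or need to post-process the matches further.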