Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
0
Helpful
1
Replies

migrate from pix515e ios 8.0.4 to asa5520 ios 8.4.5

SilkoYuri
Level 1
Level 1

‎11-28-2012 03:54 AM - edited ‎03-11-2019 05:29 PM

Hello everybody.

We want migrate our network from pix515e to asa5520.

Access rules is same on both devices.

When we change default gateway from ip address pix to ip address asa, we get assimetric traffic and both devices drops tcp packets.

On asa 5520 we set this configuration:

access-list tcp-bypass-syn-ack extended permit tcp src_network-host dst_network-host

access-list tcp-bypass-syn-ack extended permit tcp dst_network-host src_network-host

class-map tcp_bypass_syn_ack

match access-list tcp-bypass-syn-ack

policy-map tcp_bypass_syn_ack_policy

class tcp_bypass_syn_ack

set connection advanced-options tcp-state-bypass

service-policy tcp_bypass_syn_ack_policy interface ingress_interface

service-policy tcp_bypass_syn_ack_policy interface egress_interface

And traffic throuht asa5520 sends ok.

Which commands we have to set up on pix515e, what it is configuration was same as ASA5520 ?

Thanks.

Labels:
0 Helpful
1 Reply 1

julomban
Level 3
Level 3

‎12-03-2012 01:00 PM

Yuri,

TCP state bypass configuration was introduced in IOS version 8.2 which is not supported by PIX appliance.

In a PIX scenario you might need to change your design otherwise the PIX will drop the packet since asymmetric routing is not supported.

Regards,

Juan Lombana

Please rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card