Solved: Problem with TCP Connection

Jewgeni Uschegow · ‎12-08-2017

hi everyone,
I have ACL on the ASA that allow TCP connection between two networks. It works well, but sometimes ASA block this rule and I have to off und on this rule. Done it works again. I think it is because the TCP Stack between hosts in the networks is bad.
What can I do to ASA doesn't block the rule.

Best regards

Karsten Iwen · ‎12-10-2017

There are three options available:

If it is really based on a bad TCP-stack of the endpoints, update them to a recent version or replace them.
The ASA could have a bug that causes the traffic to be dropped. I recently had that with Citrix-traffic and an ASA update solved the problem.
You could configure TCP-state-bypass to disable checks in the ASA.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

Karsten Iwen · ‎12-10-2017

There are three options available:

If it is really based on a bad TCP-stack of the endpoints, update them to a recent version or replace them.
The ASA could have a bug that causes the traffic to be dropped. I recently had that with Citrix-traffic and an ASA update solved the problem.
You could configure TCP-state-bypass to disable checks in the ASA.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.