The second one is linked inside one DMZ from the first firewall.
The route is good, and inside the DMZ from the first firewall I have servers too.
So, to be more clear, we could call it the IP for the DMZ from the first firewall: interface IP 126.96.36.199, which generates this DMZ with the first firewall (netmask 255.255.0.0).
Inside the DMZ I have an interface from the second firewall with IP 188.8.131.52, and inside DMZ 1.1/16 I have servers too.
Keep one test server with IP 184.108.40.206.
The LAN passing the second firewall is 220.127.116.11, also with 16 bits of netmask (255.255.0.0).
Inside the DMZ generated from the second firewall I have a machine with IP 18.104.22.168 that needs to access TCP services on machine 22.214.171.124.
Running the test, I have this scenario:
TCP packets from 126.96.36.199 pass the second firewall, arrive inside the DMZ with net 1.1/16 and arrive at the server with IP 188.8.131.52.
The default gateway (to answer the originating machine with IP 184.108.40.206) is 220.127.116.11.
ASA interface 18.104.22.168 claims a missing related, as it hasn't mapped the connection that has passed on the first firewall. I only need 22.214.171.124 to route packets to the second firewall (which owns net 2.2/16), avoiding being trapped in the missing related check.
At the start it was working! Around 1 year ago we upgraded IOS to 8.4 and, ever so late (one year), doing maintenance on a machine, I discovered it was no longer talking with these servers on net 1.1/16.
I have found chapter 51 and TCP State Bypass in the Cisco docs. Is this the only answer and the right answer?
Before, it was working. Is there something that has changed inside ASA IOS 8.4?
The HTML version of TCP State Bypass I found that should, could solve my issue is: