TCP Bypass not working
10-10-2020 09:00 AM
Hello,
I have a problem with asymmetric routing for a host in our network. A connection coming from the WWW to the host goes through a third-party UTM appliance to the host 10.10.10.99. The default gateway is a Cisco ASA, 10.10.10.1. In the log of the ASA I can see the message
Deny TCP (no connection) from 10.10.10.99/3389 to 80.122.157.55/34334 flags SYN ACK on interface NET_10.10.10.0_Inside
This shows me a problem with asymmetric routing. I cannot change the routing and access from the WWW to the host, so I would like to configure TCP Bypass for this host, but I can't get it to work.
I have configured the following policy:
access-list tcp_bypass extended permit tcp host 10.10.10.99 any
class-map tcp_bypass
 match access-list tcp_bypass
policy-map tcp_bypass_policy
 class tcp_bypass
  set connection advanced-options tcp-state-bypass
service-policy tcp_bypass_policy interface NET_10.10.10.0_Inside
But when I try to access the host, I still get the log entries shown above.
Can anybody please help me find the problem?
10-14-2020 02:27 AM - edited 10-14-2020 07:29 AM
Try this:
1. Configure the mapped IP, not the real IP, in the extended ACL tcp_bypass.
2. Remove "any" and configure the outside subnet of the ASA instead.
Try this; I think it is the solution to your issue.
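The deny message quoted in the question, the ACE in the posted policy, and the reply's suggestion to replace "any" with the outside subnet can all be checked offline before touching the ASA. The following Python is an added example, not code from this thread or from Cisco: it parses "Deny TCP (no connection)" lines in the format shown above, flags those carrying ACK as the asymmetric-routing signature the poster describes (a segment the ASA has no connection for because it never saw the SYN), and evaluates whether a given "permit tcp" ACE would cover each denied flow. Everything except the one log line quoted in the question is constructed: the second and third log lines, and the 80.122.157.0/24 subnet standing in for the poster's unknown outside subnet, are placeholders.

```python
"""Added example (not from the thread): read ASA 'Deny TCP (no connection)' log
lines and check which of the denied flows a tcp-state-bypass ACE would cover.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Matches the message format quoted in the question; other ASA messages are
# deliberately ignored (parse_deny returns None for them).
DENY_RE = re.compile(
    r"Deny TCP \(no connection\) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<iface>\S+)"
)


@dataclass(frozen=True)
class DeniedFlow:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    flags: frozenset
    iface: str

    def looks_asymmetric(self) -> bool:
        # An ACK-bearing segment with no connection on the ASA means the ASA
        # never saw the SYN: the return half of a flow that entered the network
        # by another path, which is what the question describes.
        return "ACK" in self.flags


def parse_deny(line: str) -> Optional[DeniedFlow]:
    m = DENY_RE.search(line)
    if m is None:
        return None
    return DeniedFlow(
        ipaddress.IPv4Address(m["src"]), int(m["sport"]),
        ipaddress.IPv4Address(m["dst"]), int(m["dport"]),
        frozenset(m["flags"].split()), m["iface"],
    )


def _take_addr(tokens, i):
    """Consume one ASA address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.IPv4Network(f"{tokens[i]}/{tokens[i + 1]}"), i + 2


def ace_matches(ace: str, flow: DeniedFlow) -> bool:
    """Evaluate a 'permit tcp <src> <dst>' ACE against the logged src/dst."""
    tokens = ace.split()
    if tokens[:2] != ["permit", "tcp"]:
        raise ValueError("only 'permit tcp' ACEs are handled here")
    src_net, i = _take_addr(tokens, 2)
    dst_net, _ = _take_addr(tokens, i)
    return flow.src in src_net and flow.dst in dst_net


def coverage(log_lines, ace):
    """Return (flow, matched) for every asymmetric-looking deny in the log."""
    out = []
    for line in log_lines:
        flow = parse_deny(line)
        if flow is not None and flow.looks_asymmetric():
            out.append((flow, ace_matches(ace, flow)))
    return out


# Constructed sample log: the first line is the one quoted in the question; the
# other two are made up to show a host the ACE does not cover and an unrelated
# message that the parser must skip.
SAMPLE_LOG = [
    "Deny TCP (no connection) from 10.10.10.99/3389 to 80.122.157.55/34334 "
    "flags SYN ACK on interface NET_10.10.10.0_Inside",
    "Deny TCP (no connection) from 10.10.10.50/443 to 80.122.157.55/50001 "
    "flags FIN ACK on interface NET_10.10.10.0_Inside",
    "Built inbound TCP connection 12345 for outside:80.122.157.55/40000 ...",
]

# The ACE from the question, and the reply's tightened form with 'any' replaced
# by a subnet. The /24 is a hypothetical placeholder, not the poster's real
# outside subnet.
ACE_ORIGINAL = "permit tcp host 10.10.10.99 any"
ACE_TIGHTENED = "permit tcp host 10.10.10.99 80.122.157.0 255.255.255.0"

if __name__ == "__main__":
    for label, ace in (("original", ACE_ORIGINAL), ("tightened", ACE_TIGHTENED)):
        for flow, hit in coverage(SAMPLE_LOG, ace):
            print(f"{label}: {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport} "
                  f"covered={hit}")
```

Run against a real syslog export, this tells you which of the logged denies your ACE covers on paper; if a flow is covered here but the ASA still logs the deny, the problem is somewhere other than the ACE text (policy attachment, NAT or routing, which is what the later reply asks about), and "show service-policy" on the interface is the next thing to check.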
10-13-2020 01:58 AM
Interesting. Have you confirmed that routing towards internet and NAT for 10.10.10.99 are in place on the ASA?
As Aref has mentioned, would be good to see a topology diagram with an explanation of expected traffic flow.
Please remember to select a correct answer and rate helpful posts
