Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
0
Helpful
1
Replies

tcp bypass vs asr-group

ambi
Level 1
Level 1

‎10-07-2010 06:24 PM - edited ‎03-11-2019 11:51 AM

I am a bit confused on the usage of these two features on the ASA

are they meant to achieve the same thing ...

if they differ can someone highlight their use with any example

thanks

Ambi

Labels:
0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎10-08-2010 07:31 AM

There are differnt features.

TCP state bypass doesn't check the state of a TCP connections. For example if you see a packet that doesn't correspond to the sequence number expected for the TCP conn, the firewall will not drop it like it would do normally.

The ASR groups are for a similar issue but in Activeve/Active failover. If a packet leaves one unit but the response comes back through the peer unit the ASR group will allow it even though normally the other unit didn't know about the connection and would have dropped it.

So, they practically correspond to a similar issue but they are different features.

I hope it helps.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card