Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,
I am attempting to configure TCP-Bypass for a specific subset of traffic on an ASAv running Software Version 9.5(2)204. I have configured an ACL to match the source and destination specifically, set up a class map to reference the ACL, attach...
I was able to apply this policy successfully on a Cat9300, should be similar to the 3850. Hopefully this helps.
flow record AVC-NETFLOW-RECORD
match ipv4 version
match ipv4 protocol
match application name
match connection client ipv4 address
match ...
Turns out placing the bypass setting directly on the incoming interface seemed to work. There is now a bug report for the behavior submitted to the ASA developers. Thanks
That is what out thoughts were as well. And as you recommended, we did clear all connection states during an outage window and recreated sessions individually in an attempt to initiate TCP Bypass. Even then, it seems the class map was never attribute...
Thanks for the response. We have yet to try this, however is there any particular reason TCP Bypass will not function when applied to the Global Policy? It is my understanding that the Global Policy is already applied to all interfaces. Thanks
