cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
297
Views
5
Helpful
1
Replies

ASA VPN Filters - Are they stateful

j.a.m.e.s
Participant
Participant

All,

 

I have a scenario where a flow may need to enter a VPN tunnel but the first packet would be a SYN-ACK response (due to routing asymmetry). The tunnel has a filter-list attached (via ASA group policy).

 

Does anyone know if a filter-list is stateful?

 

I'm looking at the set connection advanced-options tcp-state-bypass within a policy-map, but this can only be applied on physical interfaces:

 

# service-policy PM-StateBypass interface ?
configure mode commands/options:
Current available interface(s):
  inside Name of interface GigabitEthernet0/1
  mgmt            Name of interface Management0/0
  outside         Name of interface GigabitEthernet0/0

Many thanks for any insight.

James.

1 Reply 1

MHM Cisco World
Advisor
Advisor

follow

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers