• Status: Solved
  • Priority: Medium

Firewall inside interface stateless

I know it is a security issue. However, I have a stateful firewall and I need to make the inside interface of it stateless without using VPNs. Issue: when an ASP request comes in from the internet, it makes it to the web cluster, but then the response is stopped at the inside interface of the firewall, and the firewall says oh, that IP address is right over here, and sends it back to the server instead of the outside interface of the firewall.
1subject
1 Solution
 
Cyclops3590 Commented:
>>the response is stopped at the inside interface of the firewall and the firewall says oh that ip address is right over here

Can you explain this a little better? For one, by default, a PIX isn't able to accept a packet on the inside and route it back out the inside interface. From what I'm understanding, the request goes to a VIP that is shared by the cluster, but apparently the response is not sourcing from the VIP. What we need to make sure is that the source of the response is the same as the destination of the request. If not, that is your problem.
 
1subject (Author) Commented:
Thanks Cyclops3590,

I do apologize for not having better details. I will check to make sure that the source of the response is the same as the destination of the request. However, is it possible to configure the inside interface of the ASA to be stateless instead of stateful? Please let me know.

Again, thank you for your help.
 
Cyclops3590 Commented:
Not that I'm aware of, as that would create a severe security issue. Also, if the source is different, then the receiver of the packet would just drop it anyway.
 
1subject (Author) Commented:
Thanks
Question has a verified solution.
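
The check discussed in the thread (the source of the response must equal the destination of the request), as an added example that is not part of the original posts: a small model of a stateful lookup run over constructed packet records. The addresses, ports, interface labels and the `audit_replies` helper are assumptions, and the model assumes no NAT between the two capture points.

```python
from collections import namedtuple

# One record per packet as a capture at the firewall would show it (constructed).
Packet = namedtuple("Packet", "iface src sport dst dport")

def audit_replies(packets):
    """Return (verdict, reply_source, expected_source) for each inside packet.

    A stateful device accepts a reply only if its reversed tuple equals a
    request it already saw; a reply sourced from a real server address
    instead of the VIP has no matching state entry.
    """
    state = set()      # (client, client_port, server, server_port) from requests
    findings = []
    for p in packets:
        if p.iface == "outside":
            state.add((p.src, p.sport, p.dst, p.dport))
            continue
        if (p.dst, p.dport, p.src, p.sport) in state:
            findings.append(("match", p.src, p.src))
            continue
        # No state entry: find the request this reply most likely answers
        # (same client endpoint, same service port, different server address).
        expected = sorted(s[2] for s in state
                          if (s[0], s[1], s[3]) == (p.dst, p.dport, p.sport))
        if expected:
            findings.append(("source-mismatch", p.src, expected[0]))
        else:
            findings.append(("no-request", p.src, None))
    return findings

# Constructed sample: 192.0.2.10 plays the cluster VIP, 10.0.0.21 a real server.
SAMPLE = [
    Packet("outside", "198.51.100.7", 51000, "192.0.2.10", 80),
    Packet("inside", "192.0.2.10", 80, "198.51.100.7", 51000),
    Packet("outside", "198.51.100.7", 51001, "192.0.2.10", 80),
    Packet("inside", "10.0.0.21", 80, "198.51.100.7", 51001),
]

if __name__ == "__main__":
    for verdict, seen, expected in audit_replies(SAMPLE):
        print(f"{verdict}: reply from {seen}, expected {expected}")
```

A `source-mismatch` verdict points at the cluster or load balancer configuration rather than at the firewall's state tracking.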
