  • Status: Solved
  • Priority: Medium
  • Security: Public

Firewall inside interface stateless

I know it is a security issue. However, I have a stateful firewall and I need to make the inside interface of it stateless without using VPNs. The issue: when an ASP request comes in from the internet, it makes it to the web cluster, but then the response is stopped at the inside interface of the firewall, and the firewall says "oh, that IP address is right over here" and sends it back to the server instead of the outside interface of the firewall.
Asked by: 1subject
1 Solution
 
Cyclops3590 Commented:
>>the response is stopped at the inside interface of the firewall and the firewall says oh that ip address is right over here

Can you explain this a little better? For one, by default, a PIX isn't able to accept a packet on the inside and route it back out the inside interface. From what I'm understanding, the request goes to a VIP that is shared by the cluster, but apparently the response is not sourcing from the VIP. What we need to make sure is that the source of the response is the same as the destination of the request. If not, that is your problem.
 
1subject (Author) Commented:
Thanks Cyclops3590,

I do apologize for not having better details. I will check to make sure that the source of the response is the same as the destination of the request. However, is it possible to configure the inside interface of the ASA to be stateless instead of stateful? Please let me know.

Again, thank you for your help.
 
Cyclops3590 Commented:
Not that I'm aware of, as that would create a severe security issue. Also, if the source is different, then the receiver of the packet would just drop it anyway.
 
1subject (Author) Commented:
Thanks
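
Added example, not part of the original thread and not Cisco code: a toy Python model of the check Cyclops3590 describes, where a stateful firewall passes a reply only if it mirrors the tracked request, so a reply sourced from a real server address instead of the VIP finds no matching state. The addresses, ports, and all class and function names are constructed for illustration, and NAT is ignored.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def mirror(p: Packet) -> Packet:
    """The reply a stateful firewall expects for request p."""
    return Packet(p.dst, p.dport, p.src, p.sport)

class StateTable:
    """Toy connection table: one entry per permitted inbound request."""
    def __init__(self, permitted):
        self.permitted = set(permitted)  # (dst ip, dst port) allowed from outside
        self.flows = set()

    def request(self, p: Packet) -> bool:
        # State is created only for traffic the policy allows.
        if (p.dst, p.dport) not in self.permitted:
            return False
        self.flows.add(p)
        return True

    def reply(self, p: Packet) -> bool:
        # A reply passes only if it is the exact mirror of a tracked request.
        return mirror(p) in self.flows

def mismatched_fields(request: Packet, reply: Packet):
    """Name the fields where reply deviates from the expected mirror."""
    want = mirror(request)
    return [f for f in Packet._fields if getattr(reply, f) != getattr(want, f)]

# Constructed sample traffic (documentation address ranges, not from the thread).
VIP, REAL, CLIENT = "192.0.2.80", "10.0.0.11", "198.51.100.10"
fw = StateTable(permitted={(VIP, 80)})
req = Packet(CLIENT, 40000, VIP, 80)
good = Packet(VIP, 80, CLIENT, 40000)  # reply sourced from the VIP
bad = Packet(REAL, 80, CLIENT, 40000)  # reply sourced from the real server

if __name__ == "__main__":
    print("request permitted:", fw.request(req))
    print("reply from VIP   :", fw.reply(good), mismatched_fields(req, good))
    print("reply from real  :", fw.reply(bad), mismatched_fields(req, bad))
```

Running `mismatched_fields` over a request and reply taken from captures on the inside interface shows which field (here `src`) breaks the match.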
