ASA .... stateful
I’ve been chasing an answer to a question regarding the function of ASAs for a couple of days now and am striking out. I tried to lab this concept, but wasn’t able to get a tool to send traffic properly. I also tried researching it online, but couldn’t find an answer.
In a really simple setup, say I had an ASA allowing telnet access to one host – basically just a one-line ACL allowing telnet. What would the ASA do with an initial packet sent to TCP/23 if the packet had the FIN bit set? What I’m getting at is, the ACL allows TCP/23 and this packet is using TCP/23, but the packet has the FIN bit set even though it’s the initial packet, so it’s out of state. What will the ASA do with that packet?
I’m aware that the state table is built from outbound traffic and creates dynamic holes through the ACL. So what I’m getting at is, does the state table have a secondary function of blocking out-of-state packets even if the ACL in place actually allows that traffic?
If anyone knows of some specific documentation on this concept, I'd really appreciate it. Thanks for your help.