Cisco Cisco Packet Data Gateway (PDG)
• fin-wait2
• last-ack
• listen
• syn-received
• syn-sent
• time-wait
Usage Guidelines
If there is no TCP proxy configured, this configuration is not applicable.
For proxy-enabled flows, TCP state handling interprets the ingress side as the radio side and the egress side
as the Internet side of the TCP connection.
as the Internet side of the TCP connection.
tcp state and tcp prev-state is the state of the client stack, which would be either the state of the subscriber's
stack (if flow is not proxy enabled) or the MS state of proxy on the egress-side (if flow is proxy-enabled).
stack (if flow is not proxy enabled) or the MS state of proxy on the egress-side (if flow is proxy-enabled).
tcp proxy-state and tcp proxy-prev-state is the state of the embedded TCP proxy server, that is the proxy
ingress-side.
ingress-side.
So, depending on the use case, if using tcp state and tcp prev-state an existing configuration may work fine
regardless of whether proxy is enabled. For other use cases, other ruledefs may have to be created.
regardless of whether proxy is enabled. For other use cases, other ruledefs may have to be created.
Both tcp state and tcp proxy-state can be used in the same ruledef. If proxy was being used, they would map
to the egress-side and ingress-side, respectively. If proxy was not being used, then this would not match ruledef
because proxy state would not be applicable.
to the egress-side and ingress-side, respectively. If proxy was not being used, then this would not match ruledef
because proxy state would not be applicable.
Examples
The following command defines a rule expression to match user traffic based on TCP proxy previous state
of established:
tcp proxy-prev-state = established
of established:
tcp proxy-prev-state = established
Command Line Interface Reference, Modes A - B, StarOS Release 19
1264
ACS Ruledef Configuration Mode Commands
tcp proxy-prev-state