Configuring connection settings, Customizing the tcp normalizer with a tcp map – Cisco ASA 5505 User Manual
Page 1134
53-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 53 Configuring Connection Settings
Configuring Connection Settings
exceed-mss allow
queue-limit 0 timeout 4
reserved-bits allow
syn-data allow
synack-data drop
invalid-ack drop
seq-past-window drop
tcp-options range 6 7 clear
tcp-options range 9 255 clear
tcp-options selective-ack allow
tcp-options timestamp allow
tcp-options window-scale allow
ttl-evasion-protection
urgent-flag clear
window-variation allow-connection
Configuring Connection Settings
This section includes the following topics:
•
Customizing the TCP Normalizer with a TCP Map, page 53-6
•
Configuring Connection Settings, page 53-10
Task Flow For Configuring Configuration Settings (Except Global Timeouts)
Step 1
For TCP normalization customization, create a TCP map according to the
Normalizer with a TCP Map” section on page 53-6
.
Step 2
For all connection settings except for global timeouts, configure a service policy according to
Chapter 32, “Configuring a Service Policy Using the Modular Policy Framework.”
Step 3
Configure connection settings according to the
“Configuring Connection Settings” section on
Customizing the TCP Normalizer with a TCP Map
To customize the TCP normalizer, first define the settings using a TCP map.
Detailed Steps
Step 1
To specify the TCP normalization criteria that you want to look for, create a TCP map by entering the
following command:
hostname(config)# tcp-map tcp-map-name
For each TCP map, you can customize one or more settings.
Step 2
(Optional) Configure the TCP map criteria by entering one or more of the following commands (see
). If you want to customize some settings, then the defaults are used for any commands you
do not enter.