Cisco ASA - Create TCP Map using CLI
Posted on 2012-04-13
It was suggested that I need to apply a TCP Map to interfaces on a Cisco ASA to stop TCP options being stripped (which prevent the correct operation of our VPN system). I have some instructions for doing this via ASDM, but we only have access to configure the ASA via CLI. Can someone walk me through this on the CLI (I'm assuming it's easy if you know how)?
1-Build a TCP-Map with the following settings:
Queue limit: 0
Reserved bits: Allow only
Drop packets which have past-window sequnence: Yes
Drop SYNACK packets with data: Yes
Drop packets with invalid ACK: yes
Range to Add:
Lower: 6, Upper: 7
Lower: 9, Upper: 255
2-Apply TCP-Map to the ASA interfaces via a new service policy with the following config:
Traffic clasification: Any
Connection settings: Use TCP-Map (tick), an select the new TCP-Map, and then apply changes via ASDM.
Can someone walk me through this on the CLI please?