vasp
asked on
Cisco ASA - Create TCP Map using CLI
It was suggested that I need to apply a TCP Map to interfaces on a Cisco ASA to stop TCP options being stripped (which prevent the correct operation of our VPN system). I have some instructions for doing this via ASDM, but we only have access to configure the ASA via CLI. Can someone walk me through this on the CLI (I'm assuming it's easy if you know how)?
1-Build a TCP-Map with the following settings:
Queue limit: 0
Timeout: 4
Reserved bits: Allow only
Drop packets which have past-window sequence: Yes
Drop SYNACK packets with data: Yes
Drop packets with invalid ACK: yes
Range to Add:
Lower: 6, Upper: 7
Lower: 9, Upper: 255
Action: Allow
2-Apply TCP-Map to the ASA interfaces via a new service policy with the following config:
Traffic classification: Any
Connection settings: Use TCP-Map (tick), and select the new TCP-Map, and then apply changes via ASDM.
Can someone walk me through this on the CLI please?
Thanks
vasp
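The ASDM settings listed in the question map onto ASA CLI commands roughly as follows. This is an added example, not part of the original thread or its accepted solution; the names TCP_OPTS_MAP, ALL_TRAFFIC and TCP_OPTS_POLICY and the interface name outside are placeholders chosen here.

```cisco
! Added example. Object names and the interface name "outside" are
! assumed placeholders, not values from the original post.
configure terminal
!
! 1 - TCP map with the settings listed in the question
tcp-map TCP_OPTS_MAP
 ! Queue limit 0, timeout 4
 queue-limit 0 timeout 4
 ! Reserved bits: Allow only
 reserved-bits allow
 ! Drop packets with past-window sequence, SYNACK with data, invalid ACK
 seq-past-window drop
 synack-data drop
 invalid-ack drop
 ! TCP option ranges 6-7 and 9-255: Allow
 tcp-options range 6 7 allow
 tcp-options range 9 255 allow
 exit
!
! 2 - Traffic classification: Any
class-map ALL_TRAFFIC
 match any
 exit
!
! Connection settings: use the TCP map
policy-map TCP_OPTS_POLICY
 class ALL_TRAFFIC
  set connection advanced-options TCP_OPTS_MAP
  exit
 exit
!
! Apply to an interface; repeat for each interface name that needs it
service-policy TCP_OPTS_POLICY interface outside
end
!
! Confirm what was applied
show running-config tcp-map
show service-policy interface outside
```

An interface accepts only one service policy, so if one is already attached, add the class to that existing policy-map instead of creating a new one. Keyword availability (for example the timeout argument to queue-limit) varies by ASA software release, so check the context help (?) on the device before committing.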
:)
I'll be here (probably).
ASKER
quick and accurate - thanks!
A bit slower now ;)
Thx 4 the points, glad it worked out for you.
ASKER
I'll give that a whirl later and let you know!
vasp