1-9
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Settings
Configuring Connection Settings
synack-data
{
allow
|
drop
}
Sets the action for TCP SYNACK packets that contain data.
The
allow
keyword allows TCP SYNACK packets that contain
data.
(Default) The
drop
keyword drops TCP SYNACK packets that
contain data.
syn-data
{
allow
|
drop
}
Sets the action for SYN packets with data.
(Default) The
allow
keyword allows SYN packets with data.
The
drop
keyword drops SYN packets with data.
tcp-options
{
selective-ack
|
timestamp
|
window-scale
}
{
allow
|
clear
}
Or
tcp-options range
lower upper
{
allow
|
clear
|
drop
}
Sets the action for packets with TCP options, including the
selective-ack, timestamp, or window-scale TCP options.
(Default) The
allow
keyword
allows packets with the specified
option.
(Default for
range
) The
clear
keyword clears the option and
allows the packet.
The
drop
keyword drops the packet with the specified option.
The
selective-ack
keyword sets the action for the SACK option.
The
timestamp
keyword sets the action for the timestamp option.
Clearing the timestamp option disables PAWS and RTT.
The
widow-scale
keyword sets the action for the window scale
mechanism option.
The
range
keyword specifies a range of options. The
lower
argument sets the lower end of the range as 6, 7, or 9 through 255.
The
upper
argument sets the upper end of the range as 6, 7, or 9
through 255.
ttl-evasion-protection
Disables the TTL evasion protection. Do not enter this command
it you want to prevent attacks that attempt to evade security policy.
For example, an attacker can send a packet that passes policy with
a very short TTL. When the TTL goes to zero, a router between the
ASA and the endpoint drops the packet. It is at this point that the
attacker can send a malicious packet with a long TTL that appears
to the ASA to be a retransmission and is passed. To the endpoint
host, however, it is the first packet that has been received by the
attacker. In this case, an attacker is able to succeed without
security preventing the attack.
Table 1-1
tcp-map Commands (continued)
Command
Notes
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......