Cisco ASA 5505 Configuration Manual page 1117

Chapter 52
Using Protection Tools
Configuring TCP Options
The Configuration > Properties > TCP Options pane lets you set parameters for TCP connections.
Fields
OL-20339-01
Timeout—Display only. Displays the number of seconds to wait for an entire fragmented packet to
arrive. The timer starts after the first fragment of a packet arrives. If all fragments of the packet do
not arrive by the number of seconds displayed, all fragments of the packet that were already received
will be discarded. The default is 5 seconds.
Threshold—Display only. Displays the IP packet threshold, or the limit after which no new chains
can be created in the reassembly module.
Queue—Display only. Displays the number of IP packets waiting in the queue for reassembly.
Assembled—Display only. Displays the number of IP packets successfully reassembled.
Fail—Display only. Displays the number of failed reassembly attempts.
Overflow—Display only. Displays the number of IP packets in the overflow queue.
Inbound and Outbound Reset—Sets whether to reset denied TCP connections for inbound and
outbound traffic.
Interface—Shows the interface name.
Inbound Reset—Shows the interface reset setting for inbound TCP traffic, Yes or No. Enabling
this setting causes the adaptive security appliance to send TCP resets for all inbound TCP
sessions that attempt to transit the adaptive security appliance and are denied by the adaptive
security appliance based on access lists or AAA settings. Traffic between same security level
interfaces is also affected. When this option is not enabled, the adaptive security appliance
silently discards denied packets.
Outbound Reset—Shows the interface reset setting for outbound TCP traffic, Yes or No.
Enabling this setting causes the adaptive security appliance to send TCP resets for all outbound
TCP sessions that attempt to transit the adaptive security appliance and are denied by the
adaptive security appliance based on access lists or AAA settings. Traffic between same
security level interfaces is also affected. When this option is not enabled, the adaptive security
appliance silently discards denied packets.
Edit—Sets the inbound and outbound reset settings for the interface.
Other Options—Sets additional TCP options.
Send Reset Reply for Denied Outside TCP Packets—Enables resets for TCP packets that
terminate at the least secure interface and are denied by the adaptive security appliance based
on access lists or AAA settings. When this option is not enabled, the adaptive security appliance
silently discards denied packets. If you enable Inbound Resets for the least secure interface (see
TCP Reset Settings), then you do not also have to enable this setting; Inbound Resets handle
to-the-adaptive security appliance traffic as well as through the adaptive security appliance
traffic.
Force Maximum Segment Size for TCP—Sets the maximum TCP segment size in bytes,
between 48 and any maximum number. The default value is 1380 bytes. You can disable this
feature by setting the bytes to 0. Both the host and the server can set the maximum segment size
when they first establish a connection. If either maximum exceeds the value you set here, then
Cisco ASA 5500 Series Configuration Guide using ASDM
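
The Timeout, Threshold, Queue, Assembled and Fail fields listed above describe a reassembly queue; the following is an added example, not Cisco code, that models how those counters move when fragments arrive late or the queue fills. The names `Chain`, `Reassembler` and `demo` are hypothetical, offsets are in bytes, the traffic is constructed, Overflow is not modelled, and two points are assumptions: a timed-out chain is counted under Fail, and Threshold is compared against the number of fragments currently held.

```python
from dataclasses import dataclass, field

@dataclass
class Chain:
    first_seen: float                          # arrival time of the first fragment
    total: int = -1                            # datagram length, known once MF=0 arrives
    parts: dict = field(default_factory=dict)  # byte offset -> payload

class Reassembler:
    def __init__(self, timeout=5.0, threshold=3):
        self.timeout, self.threshold = timeout, threshold
        self.chains, self.assembled, self.fail = {}, 0, 0

    def queue(self):
        """Fragments currently held while waiting for reassembly."""
        return sum(len(c.parts) for c in self.chains.values())

    def expire(self, now):
        """Discard every chain whose timer, started by its first fragment, ran out."""
        for key in [k for k, c in self.chains.items()
                    if now - c.first_seen >= self.timeout]:
            del self.chains[key]               # all fragments already received are dropped
            self.fail += 1                     # assumption: a timeout counts as a failure

    def receive(self, now, key, offset, more, payload):
        self.expire(now)
        chain = self.chains.get(key)
        if chain is None:
            if self.queue() >= self.threshold:
                return "refused"               # limit reached: no new chain is created
            chain = self.chains[key] = Chain(first_seen=now)
        chain.parts[offset] = payload
        if not more:
            chain.total = offset + len(payload)
        pos = 0
        while pos in chain.parts and chain.parts[pos]:
            pos += len(chain.parts[pos])       # walk contiguous data from offset 0
        if pos == chain.total:
            del self.chains[key]
            self.assembled += 1
            return "assembled"
        return "queued"

def demo():
    r = Reassembler()
    A, B, C, D = [("192.0.2.%d" % i, i) for i in (1, 2, 3, 4)]   # (source, IP ID)
    events = [(0, A, 0, True, b"a" * 8), (1, A, 8, False, b"bb"),
              (2, B, 0, True, b"c" * 8), (3, C, 0, True, b"d" * 8),
              (3, C, 8, True, b"e" * 8), (4, D, 0, True, b"f" * 8),
              (7.5, B, 8, False, b"gg")]       # constructed: (time, key, offset, MF, data)
    statuses = [r.receive(*e) for e in events]
    r.expire(13)
    return statuses, r.queue(), r.assembled, r.fail
```

In the constructed run, the last fragment of datagram B arrives 5.5 seconds after its first, so the original chain has already been discarded and the late fragment opens a new chain that can never complete and later times out as well.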