Cisco 4700M Configuration Manual page 281

Chapter 4 Configuring TCP/IP Normalization and IP Reassembly Parameters
Table 4-3
Table 4-3
Kind
0
1
3
4
5
8
You can specify this command multiple times to configure different options and
actions. If you specify the same option with different actions, the ACE uses the
order of precedence described earlier in this section to decide which action to use.
For example, to allow a segment with the SACK option set, enter:
host1/C1(config-parammap-conn)# tcp-options selective-ack allow
To reset the ACE behavior to the default of clearing the SACK option and
allowing the segment, enter:
host1/C1(config-parammap-conn)# no tcp-options selective-ack
You can specify a range of options for each action. If you specify overlapping
option ranges with different actions, the ACE uses the order of precedence
described earlier in this section to decide which action to perform for the specified
options.
For example, enter:
host1/C1(config-parammap-conn)# tcp-options range 6 7 allow
host1/C1(config-parammap-conn)# tcp-options range 19 26 drop
To remove the TCP option ranges from the configuration, enter:
host1/C1(config-parammap-conn)# no tcp-options range 6 7 allow
host1/C1(config-parammap-conn)# no tcp-options range 19 26 drop
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
Configuring a Connection Parameter Map for TCP/IP Normalization and Termination
lists the TCP options explicitly supported by this command.
TCP Options Explicitly Supported by the ACE
Length Description
- End of option list
- No operation
3 WSOPT—Window Scale
2 Selective acknowledgement
(SACK) permitted
N SACK
10 Time stamp option (TSOPT) [RFC1323]
Reference
[RFC793]
[RFC793]
[RFC1323]
[RFC2018]
[RFC2018]
4-23