How to configure ASA to inspect HTTP traffic


Wed, 07/22/2009 - 19:35
Jun 18th, 2009


To set the Maximum Segment Size (MSS) and the related advanced TCP settings, perform these steps:

  1. To configure the MSS, issue the sysopt connection tcpmss 1460 command.
  2. Configure these advanced TCP settings:

    ! Select the HTTP traffic that the MSS exception applies to
    Hostname(config)# access-list < http-list > extended permit tcp host x.x.x.x  eq 80

    Hostname(config)# class-map < http >

    Hostname(config-cmap)# match access-list < http-list >

    ! TCP map that allows packets whose data length exceeds the MSS
    Hostname(config)# tcp-map < tmap >

    Hostname(config-tcp-map)# exceed-mss allow

    ! Bind the TCP map to the class inside the policy
    Hostname(config)# policy-map < global_policy >

    Hostname(config-pmap)# class < http >

    Hostname(config-pmap-c)# set connection advanced-options < tmap >

    ! Apply the policy on all interfaces
    Hostname(config)# service-policy < global_policy > global

For more information, refer to the tcp-map section of the Cisco Security Appliance Command Reference, Version 7.2.
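Because exceed-mss allow relaxes TCP normalization for whatever the class matches, it is worth checking afterwards which traffic actually receives it. The following Python sketch is an added example, not part of the original document or Cisco tooling: it walks a saved running-config and reports every policy-map class bound to a tcp-map containing exceed-mss allow, together with that class's match criteria. The function names, the 192.0.2.10 address, and the strict/everything entries are constructed for illustration.

```python
# Constructed sample running-config; names follow the placeholders used in the steps above.
SAMPLE_CONFIG = """\
access-list http-list extended permit tcp any host 192.0.2.10 eq www
tcp-map tmap
  exceed-mss allow
tcp-map strict
  exceed-mss drop
class-map http
 match access-list http-list
class-map everything
 match any
policy-map global_policy
 class http
  set connection advanced-options tmap
 class everything
  set connection advanced-options strict
service-policy global_policy global
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            current = blocks.setdefault(line.strip().lower(), [])
        elif current is not None:
            current.append(line.strip().lower())
    return blocks

def exceed_mss_scope(config):
    """Return (policy, class, tcp_map, match_lines) for each class given 'exceed-mss allow'."""
    blocks = parse_blocks(config)
    relaxed = {k.split()[1] for k, v in blocks.items()
               if k.startswith("tcp-map ") and "exceed-mss allow" in v}
    findings = []
    for key, body in blocks.items():
        cls = None
        for cmd in body if key.startswith("policy-map ") else []:
            words = cmd.split()
            if words[0] == "class" and len(words) > 1:
                cls = words[1]
            elif (cls and len(words) == 4 and words[3] in relaxed
                  and words[:3] == ["set", "connection", "advanced-options"]):
                findings.append((key.split()[1], cls, words[3],
                                 blocks.get("class-map " + cls, [])))
    return findings
```

A finding whose match lines read match any, or reference an ACL broader than the affected server, means the MSS exception covers more traffic than the procedure intends.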


