Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

7.2(4) code for the ASA


I have just come across the following issue: Sysopt seems to be missing in the 7.2(4) code? or has this change?


ciscoasa# sh run sysopt

no sysopt connection timewait

sysopt connection tcpmss 1380

sysopt connection tcpmss minimum 0

no sysopt nodnsalias inbound

no sysopt nodnsalias outbound

no sysopt radius ignore-secret

sysopt connection permit-vpn


ciscoasa# sh run sysopt

ciscoasa# <no output>

ciscoasa(config)# sysopt connection ?

configure mode commands/options:

permit-vpn Exempt VPN traffic from access check

tcpmss Set maximum TCP MSS limit, specify keyword minimum to configure

minimum TCP MSS limit. Defaults for maximum and minimum limits

are 1380 and 0 bytes respectively

timewait TCP connection undergoes TIMEWAIT state

ciscoasa(config)# sysopt connection permit-vpn

ciscoasa(config)# sh run sysopt

ciscoasa(config)# <no output>


  • Firewalling

Re: 7.2(4) code for the ASA

Seems to be a bug, they fixed an older bug in 7.2(4) as per the Bug Tooklit:



Commands that are system defaults do not show up in the

typical "show running-config" output. The purpose of the "show running-config all" command

is to allow all configured commands both default and non-default to be viewed in one output.

For PIX/ASA, the output of the command "show running-config all" should

include the the configured sysopt commands such as

"sysopt connection tcpmss 1380" which at present, it does not.

ciscoasa# sh run all | incl sys

ciscoasa# sh run all | incl sysopt



Some "sysopt" commands are on as system defaults and do not show in the running configuration output. However, the "show running-config all" output is supposed to show

all commands in the running configuration including the defaults like some sysopt commands. This issue is purely cosmetic and does not affect the operation of the PIX/ASA.


Or perhaps you can only see the non-default commands using show run sysopt now (after the fix), and for default commands you have to do:

show run all | inc sysopt

You can check this by configuring a non-default config for one of the sysopt commands.



New Member

Re: 7.2(4) code for the ASA

Hi Farrukh

Thanks for that,it says this is fixed in 7.2(4) but this is still in this code. thanks for that anyway.

Regards MJ

New Member

Re: 7.2(4) code for the ASA

the command exists

it is (no) sysopt connection permit-vpn

it only shows up in a show run/show conf when it is disabled and it is enabled by default

This widget could not be displayed.