New Member

ASA 5555x default TCP normalizer settings

Greetings, I am trying to find out what the default actions of the TCP normalizer are in the ASA 5555x (9.1(3)). I can see in packet captures that the ASA is stripping some option flags (SACK), and I am also wondering if it is dropping nonconforming packets, etc. So far my research has shown that only specific traffic from specific systems is being stripped, in my case storage replication traffic. Thanks for any details. I am also going to open a TAC case and I will update this thread. Cheers!

2 REPLIES
VIP Purple

You'll find much on the defaults in the config guide:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/conns_connlimits.html#pgfId-1090664

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/conns_connlimits.html#53790


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Nice, thanks, I can see the list of defaults. Oddly though, the one flag that I am curious about (SACK) shows it's allowed by default, yet some connections are having it stripped.
