11-20-2013 02:43 PM - edited 03-11-2019 08:07 PM
Based on Cisco documentation the FWSM version 3.2(2) will by default drop all packets containing IP options. If there a way to change this?
Solved! Go to Solution.
12-05-2013 12:08 AM
Yes it is possible to enable it from the command line. You can do the following
policy-map type inspect ip-options IP_OPTIONS_MAP
parameters
nop action allow
policy-map global_policy
class inspection_default
inspect ip-options IP_OPTIONS_MAP
--
Please remember to rate and select a correct answer
11-24-2013 09:32 AM
You can enable IP options inspection under the global policy.
--
Please rate all helpful posts
12-04-2013 01:00 PM
ASDM 6.3 is not supported on the FWSM, the latest version that I can find that supports the FWSM is ASDM 6.2.3.
Thank you for your help
12-04-2013 01:14 PM
@j-crenshaw, is that a wrong post? Not sure what ASDM 6.3 not being supported on the FWSM has to do with enabling IP options.
--
Please remember to rate and select a correct answer
12-04-2013 01:38 PM
Your original post directed me to documentation with instructions for enabling IP options using ASDM 6.3 but ASDM 6.3 is not supported on the FWSM.
Can you enable IP options from the command line?
Thank you
12-05-2013 12:08 AM
Yes it is possible to enable it from the command line. You can do the following
policy-map type inspect ip-options IP_OPTIONS_MAP
parameters
nop action allow
policy-map global_policy
class inspection_default
inspect ip-options IP_OPTIONS_MAP
--
Please remember to rate and select a correct answer
12-09-2013 10:02 AM
Thanks again for your help, but these command are not supported on the FWSM running Ver 4.0(4) using ASDM ver 6.1(2)f, and based on Cisco's documentation IP options are now supported on any of the FWSM versions. The command you list are only supported on the Cisco ASA.
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide