Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
0
Helpful
6
Replies

Enable IP options on a FWSM

Go to solution
j-crenshaw
Level 1
Level 1

‎11-20-2013 02:43 PM - edited ‎03-11-2019 08:07 PM

Based on Cisco documentation the FWSM version 3.2(2) will by default drop all packets containing IP options. If there a way to change this?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP
In response to j-crenshaw

‎12-05-2013 12:08 AM

Yes it is possible to enable it from the command line.  You can do the following

policy-map type inspect ip-options IP_OPTIONS_MAP

parameters

nop action allow

policy-map global_policy

class inspection_default

inspect ip-options IP_OPTIONS_MAP

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marius Gunnerud
VIP
VIP

‎11-24-2013 09:32 AM

You can enable IP options inspection under the global policy.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080bbcd09.shtml#intro

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
j-crenshaw
Level 1
Level 1
In response to Marius Gunnerud

‎12-04-2013 01:00 PM

ASDM 6.3 is not supported on the FWSM, the latest version that I can find that supports the FWSM is ASDM 6.2.3.

Thank you for your help

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to j-crenshaw

‎12-04-2013 01:14 PM

@j-crenshaw, is that a wrong post?  Not sure what ASDM 6.3 not being supported on the FWSM has to do with enabling IP options.

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
j-crenshaw
Level 1
Level 1
In response to Marius Gunnerud

‎12-04-2013 01:38 PM

Your original post directed me to documentation with instructions for enabling IP options using ASDM 6.3 but ASDM 6.3 is not supported on the FWSM.

Can you enable IP options from the command line?

Thank you

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to j-crenshaw

‎12-05-2013 12:08 AM

Yes it is possible to enable it from the command line.  You can do the following

policy-map type inspect ip-options IP_OPTIONS_MAP

parameters

nop action allow

policy-map global_policy

class inspection_default

inspect ip-options IP_OPTIONS_MAP

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
j-crenshaw
Level 1
Level 1
In response to Marius Gunnerud

‎12-09-2013 10:02 AM

Thanks again for your help, but these command are not supported on the FWSM running Ver 4.0(4) using ASDM ver 6.1(2)f, and based on Cisco's documentation IP options are now supported on any of the FWSM versions. The command you list are only supported on the Cisco ASA.

Thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card