Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Enable IP options on a FWSM

Based on Cisco documentation the FWSM version 3.2(2) will by default drop all packets containing IP options. If there a way to change this?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

Enable IP options on a FWSM

Yes it is possible to enable it from the command line.  You can do the following

policy-map type inspect ip-options IP_OPTIONS_MAP

parameters

nop action allow

policy-map global_policy

class inspection_default

inspect ip-options IP_OPTIONS_MAP

--
Please remember to rate and select a correct answer

-- Please remember to rate and select a correct answer
6 REPLIES
VIP Green

Enable IP options on a FWSM

You can enable IP options inspection under the global policy.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080bbcd09.shtml#intro

--

Please rate all helpful posts

-- Please remember to rate and select a correct answer
New Member

Enable IP options on a FWSM

ASDM 6.3 is not supported on the FWSM, the latest version that I can find that supports the FWSM is ASDM 6.2.3.

Thank you for your help

VIP Green

Enable IP options on a FWSM

@j-crenshaw, is that a wrong post?  Not sure what ASDM 6.3 not being supported on the FWSM has to do with enabling IP options.

--
Please remember to rate and select a correct answer

-- Please remember to rate and select a correct answer
New Member

Enable IP options on a FWSM

Your original post directed me to documentation with instructions for enabling IP options using ASDM 6.3 but ASDM 6.3 is not supported on the FWSM.

Can you enable IP options from the command line?

Thank you

VIP Green

Enable IP options on a FWSM

Yes it is possible to enable it from the command line.  You can do the following

policy-map type inspect ip-options IP_OPTIONS_MAP

parameters

nop action allow

policy-map global_policy

class inspection_default

inspect ip-options IP_OPTIONS_MAP

--
Please remember to rate and select a correct answer

-- Please remember to rate and select a correct answer
New Member

Enable IP options on a FWSM

Thanks again for your help, but these command are not supported on the FWSM running Ver 4.0(4) using ASDM ver 6.1(2)f, and based on Cisco's documentation IP options are now supported on any of the FWSM versions. The command you list are only supported on the Cisco ASA.

Thank you.

260
Views
0
Helpful
6
Replies