11-21-2006 02:00 AM - edited 03-11-2019 01:58 AM
Good morning I would know if anyone know how Pix work in conjuction of a session inbound made between two servers,(one in outside an the other on my DMZ interface) that implement Selective ACK.
A customer suppose that my Pix rewrite the sequence number and ACK of a session TCP, but not rewrite sequence number and ACK when two hosts has negotiated a TCP session with SACK.
Any information that you can send me are welcomed.
Thanks in advance.
Davide
11-22-2006 11:05 AM
Pix version 7.0.x software handles tcp selective ack by allowing or clearing the option depending on what?s configured. The default is to allow the SACK option.
Please see...http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/ids.htm#wp1042116 for more info on SACK handling in pix 7.
11-23-2006 04:05 AM
Hi plwalsh thanks very much for the link to the documentation.
In the last my message I have forget to tell the rel. ver. of my Pix, fortunately is 7.1(2) and i can handle SACK as reported at the link.
Thanks very for yuor help plwalsh!
Best Regards
Davide
11-24-2006 06:54 AM
Hi plwalsh sorry if have another question about my Pix, but I have a doubt.
I would know if you can suggest me a web link, where there is explain how the Pix manage TCP sessions in conjuction of MSS (maximum segment size) if the session involved use SACK or not. And if the kind of traffic is object of Pix's inspection (class-map inspection_default) or not.
Any information that you can send me are welcomed.
Best Regards
Davide
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide