Re: SACK and Pix

sercopi · ‎11-21-2006

Good morning I would know if anyone know how Pix work in conjuction of a session inbound made between two servers,(one in outside an the other on my DMZ interface) that implement Selective ACK.

A customer suppose that my Pix rewrite the sequence number and ACK of a session TCP, but not rewrite sequence number and ACK when two hosts has negotiated a TCP session with SACK.

Any information that you can send me are welcomed.

Thanks in advance.

Davide

plwalsh · ‎11-22-2006

Pix version 7.0.x software handles tcp selective ack by allowing or clearing the option depending on what?s configured. The default is to allow the SACK option.

Please see...http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/ids.htm#wp1042116 for more info on SACK handling in pix 7.

sercopi · ‎11-23-2006

Hi plwalsh thanks very much for the link to the documentation.

In the last my message I have forget to tell the rel. ver. of my Pix, fortunately is 7.1(2) and i can handle SACK as reported at the link.

Thanks very for yuor help plwalsh!

Best Regards

Davide

sercopi · ‎11-24-2006

Hi plwalsh sorry if have another question about my Pix, but I have a doubt.

I would know if you can suggest me a web link, where there is explain how the Pix manage TCP sessions in conjuction of MSS (maximum segment size) if the session involved use SACK or not. And if the kind of traffic is object of Pix's inspection (class-map inspection_default) or not.

Any information that you can send me are welcomed.

Best Regards

Davide