Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
710
Views
15
Helpful
6
Replies

does cisco router support "tcp reset" mesg when the traffic blocked by access lit ?

Dr.X
Level 2
Level 2

‎07-26-2014 04:43 PM - edited ‎03-07-2019 08:11 PM

hi ,

 

im trying to know if i  blocked a destination with an access list on cisco.

 

can i make "tcp-rest " to that connection instead on dropping it ??

 

i belive it supported on ASA appliance , but not sure if supported on cisco routers.

 

im trying to migrate from linux router to cisco router and apply the same config , one of the challenging task is , i have 

"reject-with=tcp-reset"

 

im wondering if i can do it on cisco router

 

waiting ur responce

 

regards

Labels:
0 Helpful
6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

‎07-26-2014 07:21 PM

Cisco routers do not have the functionality to send a TCP reset when an access list denies the TCP packet.

 

HTH

 

Rick

HTH

Rick

Dr.X
Level 2
Level 2
In response to Richard Burts

‎07-27-2014 03:43 AM

thank you ,

is that option enabled on ASA applainces ??

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Dr.X

‎07-27-2014 12:13 PM

Yes there are some things that you can configure on the ASA that will result in resetting the connection. This includes doing Application Inspection, if you configure the ASA to enforce connection timeouts then it could send a TCP reset if it has closed a connection and the remote device sends another packet on the closed connection, and if you are running IPS on the ASA then that could reset TCP connections.

 

HTH

 

Rick

HTH

Rick

Peter Koltl
Level 7
Level 7
In response to Richard Burts

‎07-27-2014 12:59 PM

service resetinbound

command on ASA

Dr.X
Level 2
Level 2
In response to Peter Koltl

‎07-27-2014 01:25 PM

thank you both , 

i really appreciate ur replies.

 

but ,

 

if i used IPS on the router , can i have wt i need?

 

or it just on ASAs ??

 

regards

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Dr.X

‎07-27-2014 05:54 PM

One of the things that keeps me engaged with these forums is that they challenge me and give me opportunities to learn new things. My initial reaction to your question about IPS on IOS router was to say that this is not supported. But I did some research and find that apparently IPS functionality is now supported on some (but not all) of Cisco IOS routers. See this link for additional detail:

http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/product_data_sheet0900aecd803137cf.html

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card