Cisco Support Community
New Member

Does Cisco router support "tcp reset" message when the traffic is blocked by access list?

Hi,

I'm trying to know if I blocked a destination with an access list on Cisco.

Can I make "tcp-reset" to that connection instead of dropping it?

I believe it is supported on ASA appliance, but not sure if it is supported on Cisco routers.

I'm trying to migrate from a Linux router to a Cisco router and apply the same config. One of the challenging tasks is, I have

"reject-with=tcp-reset"

 

I'm wondering if I can do it on a Cisco router.

Waiting for your response.

 

regards

6 REPLIES
Hall of Fame Super Silver

Cisco routers do not have the functionality to send a TCP reset when an access list denies the TCP packet.

 

HTH

 

Rick

New Member

Thank you,

is that option enabled on ASA appliances?

Hall of Fame Super Silver

Yes there are some things that you can configure on the ASA that will result in resetting the connection. This includes doing Application Inspection, if you configure the ASA to enforce connection timeouts then it could send a TCP reset if it has closed a connection and the remote device sends another packet on the closed connection, and if you are running IPS on the ASA then that could reset TCP connections.

 

HTH

 

Rick

Silver

service resetinbound

command on ASA

New Member

Thank you both,

I really appreciate your replies.

 

But,

if I used IPS on the router, can I have what I need?

Or is it just on ASAs?

 

regards

Hall of Fame Super Silver

One of the things that keeps me engaged with these forums is that they challenge me and give me opportunities to learn new things. My initial reaction to your question about IPS on IOS router was to say that this is not supported. But I did some research and found that apparently IPS functionality is now supported on some (but not all) of Cisco IOS routers. See this link for additional detail:

http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/product_data_sheet0900aecd803137cf.html

 

HTH

 

Rick
