how does a Cisco ASA appliance process IP fragments?

By default, how does a Cisco ASA appliance process IP fragments?

By default, how does a Cisco ASA appliance process IP fragments?

A.
Each fragment passes through the Cisco ASA appliance without any inspections.

B.
Each fragment is blocked by the Cisco ASA appliance.

C.
The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the
full IP packet is forwarded out.

D.
The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet
have been received.

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/intro.html
Protecting from IP Fragments The adaptive security appliance provides IP fragment protection.
This feature performs full reassembly of all ICMP error messages and virtual reassembly of the
remaining IP fragments that are routed through the adaptive security appliance. Fragments that
fail the security check are dropped and logged. Virtual reassembly cannot be disabled.



Leave a Reply 0

Your email address will not be published. Required fields are marked *