Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?

A. Configuration > Firewall > Service Policy Rules

B. Configuration > Firewall > Advanced > IP Audit > IP Audit Policy

C. Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures

D. Configuration > Firewall > Advanced > TCP options

E. Configuration > Firewall > Objects > TCP Maps

F. Configuration > Firewall > Objects > Inspect Maps

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/release/notes/rn524.html
shows:

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/protect.html
shows:

a. In the TCP Map Name field, enter a name.
b. In the Queue Limit field, enter the maximum number of out-of-order packets, between 0 and 250.
c. In the Reserved Bits area, click Clear and allow, Allow only, or Drop.
• Allow only allows packets with the reserved bits in the TCP header.
• Clear and allow clears the reserved bits in the TCP header and allows the packet.
• Drop drops the packet with the reserved bits in the TCP header.
d. Check any of the following options:
• Clear Urgent Flag—Allows or clears the URG pointer through the security appliance.
• Drop Connection on Window Variation—Drops a connection that has changed its window size unexpectedly.
• Drop Packets that Exceed Maximum Segment Size—Allows or drops packets that exceed MSS set by peer.
• Check if transmitted data is the same as original—Enables and disables the retransmit data checks.
• Drop SYN Packets With Data—Allows or drops SYN packets with data.
• Enable TTL Evasion Protection—Enables or disables the TTL evasion protection offered by the security appliance.
• Verify TCP Checksum—Enables and disables checksum verification.
e. To set TCP options, check any of the following options:
• Clear Selective Ack—Lists whether the selective-ack TCP option is allowed or cleared.
• Clear TCP Timestamp—Lists whether the TCP timestamp option is allowed or cleared.
• Clear Window Scale—Lists whether the window scale timestamp option is allowed or cleared.
• Range—Lists the valid TCP options ranges, which should fall within 6-7 and 9-255. The lower bound should be less than or equal to the upper bound.
f. Click OK.
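
What the Verify TCP Checksum option checks, shown as an added Python example (not from the Cisco documentation or the original page, and not the ASA's own implementation): the standard TCP checksum over the IPv4 pseudo-header and segment, verified the way a normalizing device would before forwarding. The addresses, ports and payload are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), zero-padding odd-length input."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6 (TCP), TCP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum for a segment whose checksum field (bytes 16-17) is still zero."""
    return ~ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) & 0xFFFF

def verify_tcp_checksum(src: str, dst: str, segment: bytes) -> bool:
    """A valid segment, checksum field included, sums to 0xFFFF."""
    if len(segment) < 20:                   # shorter than a minimal TCP header
        return False
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def build_segment(src, dst, sport, dport, seq, flags, payload=b"") -> bytes:
    """Constructed segment: 20-byte header, no options, correct checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    csum = tcp_checksum(src, dst, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

if __name__ == "__main__":
    SRC, DST = "192.0.2.10", "198.51.100.20"          # constructed documentation addresses
    good = build_segment(SRC, DST, 40000, 80, 1000, 0x18, b"GET / HTTP/1.0\r\n\r\n!")
    bad = good[:-1] + b"?"                            # payload altered, checksum left stale
    for name, seg in (("good", good), ("bad", bad)):
        verdict = "forward" if verify_tcp_checksum(SRC, DST, seg) else "drop"
        print(f"{name}: {verdict}")
```

A segment with a stale checksum is discarded by the receiving host's TCP stack, so a device that inspects it without verifying the checksum can see data the endpoint never accepts; verifying and dropping at the firewall removes that mismatch.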


