1-10
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Settings
Configuring Connection Settings
Configuring Connection Settings
To set connection settings, perform the following steps.
Guidelines and Limitations
Depending on the number of CPU cores on your ASA model, the maximum concurrent and embryonic
connections may exceed the configured numbers due to the way each core manages connections. In the
worst case scenario, the ASA allows up to n-1 extra connections and embryonic connections, where n is
the number of cores. For example, if your model has 4 cores, if you configure 6 concurrent connections
and 4 embryonic connections, you could have an additional 3 of each type. To determine the number of
cores for your model, enter the show cpu core command.
urgent-flag {allow | clear} Sets the action for packets with the URG flag. The URG flag is
used to indicate that the packet contains information that is of
higher priority than other data within the stream. The TCP RFC is
vague about the exact interpretation of the URG flag, therefore end
systems handle urgent offsets in different ways, which may make
the end system vulnerable to attacks.
The allow keyword allows packets with the URG flag.
(Default) The clear keyword clears the URG flag and allows the
packet.
window-variation {allow | drop} Sets the action for a connection that has changed its window size
unexpectedly. The window size mechanism allows TCP to
advertise a large window and to subsequently advertise a much
smaller window without having accepted too much data. From the
TCP specification, “shrinking the window” is strongly
discouraged. When this condition is detected, the connection can
be dropped.
(Default) The allow keyword allows connections with a window
variation.
The drop keyword drops connections with a window variation.
Table 1-1 tcp-map Commands (continued)
Command Notes
To Next Page
Loading...
Need help?
General