Chapter 1 Cisco SDM Express
Supplementary Help
The configuration that will be delivered to the router to set the TCP synwait time to 10 seconds is as follows:
ip tcp
Enable Logging
Cisco SDM Express will enable logging with time stamps and sequence numbers whenever possible. Because it gives detailed information about network events, logging is critical in recognizing and responding to security events. Time stamps and sequence numbers provide information about the date, time, and sequence in which network events occur.
The configuration that will be delivered to the router to enable and configure logging is as follows, replacing <log buffer size> and <logging server ip address> with the appropriate values that you enter into Cisco SDM Express:
logging console critical
logging trap debugging
logging buffered <log buffer size>
logging <logging server ip address>
Enable Unicast RPF on Outside Interfaces
Cisco SDM Express enables unicast Reverse Path Forwarding (RPF) on all interfaces that connect to the Internet whenever possible. RPF is a feature that causes the router to check the source address of any packet against the interface through which the packet entered the router. If the input interface is not a feasible path to the source address according to the routing table, the packet will be dropped. This source address verification is used to defeat IP spoofing.
This works only when routing is symmetric. If the network is designed in such a way that traffic from host A to host B may normally take a different path than traffic from host B to host A, the check will always fail, and communication between the two hosts will be impossible. This sort of asymmetric routing is common in the Internet core. Ensure that your network does not use asymmetric routing before enabling this feature.
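The source-address check described above, modelled in Python as an added example; it is not Cisco SDM Express output or router code. The routing table, interface names and packets are constructed, and the model assumes one best path per prefix, so "feasible path" reduces to the longest-prefix-match route.

```python
import ipaddress

# Constructed routing table (documentation prefixes): prefix -> interface
# the router would use to reach that prefix.
ROUTES = {
    "0.0.0.0/0": "Serial0",            # default route toward the Internet
    "192.0.2.0/24": "FastEthernet0",   # inside LAN
    "198.51.100.0/24": "Serial1",      # remote network, best path via Serial1
}

def best_route(table, address):
    """Longest-prefix match: interface used to reach `address`, or None."""
    addr = ipaddress.ip_address(address)
    matches = [(ipaddress.ip_network(prefix), ifc)
               for prefix, ifc in table.items()
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_check(table, src, in_interface):
    """'forward' if the route back to `src` leaves via `in_interface`, else 'drop'."""
    return "forward" if best_route(table, src) == in_interface else "drop"

# Constructed packets: (description, source address, ingress interface)
PACKETS = [
    ("Internet host on the outside link", "203.0.113.7", "Serial0"),
    ("Inside source address arriving from outside (spoofed)", "192.0.2.50", "Serial0"),
    ("Remote network, symmetric path", "198.51.100.9", "Serial1"),
    ("Remote network, asymmetric path in via Serial0", "198.51.100.9", "Serial0"),
]

def evaluate(table=ROUTES, packets=PACKETS):
    """Apply the check to every packet; returns (description, verdict) pairs."""
    return [(desc, urpf_check(table, src, ifc)) for desc, src, ifc in packets]

if __name__ == "__main__":
    for desc, verdict in evaluate():
        print(f"{verdict:8} {desc}")
```

The last packet is legitimate traffic that is dropped only because its inbound path differs from the router's route back to the source, which is the asymmetric-routing failure the text warns about.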
In addition, unicast RPF can be enabled only when IP Cisco Express Forwarding is enabled. Cisco SDM Express will check the router configuration to see if IP Cisco Express Forwarding is enabled. If IP Cisco Express Forwarding is not