53-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter53 Configuring Connection Settings
Configuring Connection Settings
exceed-mss allow
queue-limit 0 timeout 4
reserved-bits allow
syn-data allow
synack-data drop
invalid-ack drop
seq-past-window drop
tcp-options range 6 7 clear
tcp-options range 9 255 clear
tcp-options selective-ack allow
tcp-options timestamp allow
tcp-options window-scale allow
ttl-evasion-protection
urgent-flag clear
window-variation allow-connection
Configuring Connection Settings
This section includes the following topics:
Customizing the TCP Normalizer with a TCP Map, page53-6
Configuring Connection Settings, page53-10

Task Flow For Configuring Configuration Settings (Except Global Timeouts)

Step1 For TCP normalization customization, create a TCP map according to the “Customizing the TCP
Normalizer with a TCP Map” section on page 53-6.
Step2 For all connection settings except for global timeouts, configure a service policy according to
Chapter 32, “Configuring a Service Policy Using the Modular Policy Framework.”
Step3 Configure connection settings according to the “Configuring Connection Settings” section on
page 53-10.

Customizing the TCP Normalizer with a TCP Map

To customize the TCP normalizer, first define the settings using a TCP map.
Detailed Steps
Step1 To specify the TCP normalization criteria that you want to look for, create a TCP map by entering the
following command:
hostname(config)# tcp-map tcp-map-name
For each TCP map, you can customize one or more settings.
Step2 (Optional) Configure the TCP map criteria by entering one or more of the following commands (see
Table53-1). If you want to customize some settings, then the defaults are used for any commands you
do not enter.