56-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
Configuring TCP Maps
Use the Add and Edit TCP Map dialog boxes to define TCP normalization maps for use with IPS, QoS,
and Connection Rules service policies. The TCP normalization feature lets you specify criteria that
identify abnormal packets, which the security appliance drops when they are detected. The map is used
for TCP traffic that passes through the device or that is going to the device.
These TCP maps can be applied to TCP flows on PIX 7.x+ and ASA devices. For more information on
configuring IPS, QoS, and Connection Rules, see Chapter 56, “Configuring Service Policy Rules on
Firewall Devices”.
Navigation Path
Select Manage > Policy Objects, then select Maps > TCP Maps from the Object Type selector.
Right-click inside the work area and choose New Object, or right-click a row and choose Edit Object.
These dialog boxes also can be opened by clicking the Create or Edit buttons in the TCP Maps Selector
while defining a Service Policy rule. See the “Connection Settings” section of Step 3. Configure the
MPC actions, page 56-8 for more information about enabling TCP normalization and selecting a TCP
map.
Related Topics
Understanding Map Objects, page 6-72
Table 56-6 Default Inspection Traffic (Continued)
Value Port NAT Limitations Comments
TFTP UDP/69 Payload IP addresses are not translated.
XDMCP UDP/177 No NAT or PAT.
Field Reference
Table 56-7 Add and Edit TCP Map Dialog Boxes
Element Description
Name The name of the TCP normalization map. A maximum of 128 characters is allowed.
Description A description of the map object. A maximum of 1024 characters is allowed.