TCP Normalization
To provide protection from attacks, the Cisco ASA provides a feature called TCP normalization. TCP normalization is enabled by default and detects abnormal TCP packets. Once detected, these packets can be allowed, dropped, or cleared of their abnormalities.
The TCP normalizer is configured within a tcp-map. The tcp-map is then referenced from a class within a policy-map (using set connection advanced-options), and the policy-map is applied to an interface, or globally, via a service-policy.
Example
In this example we configure the ASA to permit TCP option kind 34 (0x22). The tcp-map is attached to the class ALLOW-TCP-22 in the global policy; the class-map that defines which traffic ALLOW-TCP-22 matches is not shown here and must already exist.
tcp-map TCPMAP-PERMIT-0x22
 tcp-options range 34 34 allow
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class ALLOW-TCP-22
  set connection advanced-options TCPMAP-PERMIT-0x22
!
service-policy global_policy global
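To make the allow/clear/drop decision concrete, here is an added Python model (written for this page, not Cisco's code) of how a normalizer walks the TCP options field and applies tcp-map style "tcp-options range" rules; it also goes beyond the page by handling malformed option lengths. The sample option bytes, the default of clearing unlisted option kinds, and modelling "clear" as a NOP overwrite are assumptions; option kind 34 is the TCP Fast Open cookie (RFC 7413).

```python
def parse_tcp_options(opts: bytes):
    """Split a raw TCP options field into (kind, raw_bytes) tuples."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind in (0, 1):                  # EOL / NOP are single-byte options
            out.append((kind, opts[i:i + 1]))
            if kind == 0:
                break
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d has no length byte" % kind)
        length = opts[i + 1]                # covers kind + len + data
        if length < 2 or i + length > len(opts):
            raise ValueError("bad length %d for kind %d" % (length, kind))
        out.append((kind, opts[i:i + length]))
        i += length
    return out
class TcpMap:
    def __init__(self, default_action="clear"):   # default action is assumed
        self.rules, self.default_action = [], default_action
    def tcp_options_range(self, lo, hi, action):  # action: allow|clear|drop
        self.rules.append((lo, hi, action))
    def action_for(self, kind):
        if kind in (0, 1):                  # padding is never a policy target
            return "allow"
        for lo, hi, action in self.rules:   # first matching range wins
            if lo <= kind <= hi:
                return action
        return self.default_action
    def normalize(self, opts: bytes):       # -> ('drop', None) | ('pass', bytes)
        try:
            parsed = parse_tcp_options(opts)
        except ValueError:                  # malformed field: drop the packet
            return "drop", None
        kept = []
        for kind, raw in parsed:
            action = self.action_for(kind)
            if action == "drop":
                return "drop", None
            # 'clear' modelled as NOP overwrite so the data offset stays valid
            kept.append(raw if action == "allow" else b"\x01" * len(raw))
        return "pass", b"".join(kept)
# Constructed sample: MSS (kind 2), TCP Fast Open cookie (kind 34 = 0x22), unlisted kind 30
SAMPLE_OPTS = b"\x02\x04\x05\xb4" + b"\x22\x0a" + bytes(range(8)) + b"\x1e\x04\x00\x00"
def demo(action_for_34="allow"):
    tmap = TcpMap(default_action="clear")
    tmap.tcp_options_range(2, 2, "allow")          # keep MSS
    tmap.tcp_options_range(34, 34, action_for_34)  # the page's tcp-map rule
    return tmap.normalize(SAMPLE_OPTS)
```

Running demo("allow") passes the packet with the MSS and kind 34 options intact and the unlisted kind 30 option overwritten with NOPs; demo("drop") drops the whole packet.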