TCP Normalization
To provide protection from attacks, the Cisco ASA provides a feature called TCP normalization. TCP normalization is enabled by default and can detect abnormal packets. Once detected these packets can be either allowed, dropped or cleared of its abnormalities.
To configure the TCP normalizer changes are made within the tcp-map. The tcp-map is then assigned to a class-map. This class-map is then assigned to a policy-map which is then assigned to an interface via a service policy.
Example
Within our example we will configure the ASA to permit the TCP header 34 (0x22).
tcp-map TCPMAP-PERMIT-0x22 tcp-options range 34 34 allow policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options class ALLOW-TCP-22 set connection advanced-options TCPMAP-PERMIT-0x22 service-policy global_policy global
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial