Cisco Systems and the ASA Services Module User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 22      Configuring Connection Settings

Table 22-1    tcp-map Commands (continued)

Command / Notes

urgent-flag {allow | clear}
    Sets the action for packets with the URG flag. The URG flag is used to indicate that the packet contains information that is of higher priority than other data within the stream. The TCP RFC is vague about the exact interpretation of the URG flag, therefore end systems handle urgent offsets in different ways, which may make the end system vulnerable to attacks.
    The allow keyword allows packets with the URG flag.
    (Default) The clear keyword clears the URG flag and allows the packet.

window-variation {allow | drop}
    Sets the action for a connection that has changed its window size unexpectedly. The window size mechanism allows TCP to advertise a large window and to subsequently advertise a much smaller window without having accepted too much data. From the TCP specification, “shrinking the window” is strongly discouraged. When this condition is detected, the connection can be dropped.
    (Default) The allow keyword allows connections with a window variation.
    The drop keyword drops connections with a window variation.

Configuring Connection Settings

To set connection settings, perform the following steps.

Detailed Steps

Command / Purpose
Step 1
class-map name
Example:
ciscoasa(config)# class-map bypass_traffic
    Creates a class map to identify the traffic for which you want to disable stateful firewall inspection.

Step 2
match parameter
Example:
ciscoasa(config-cmap)# match access-list bypass
    Specifies the traffic in the class map. See the  for more information.
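
The two tcp-map actions from Table 22-1 (urgent-flag clear and the condition that window-variation drop reacts to), modelled in Python as an added example; this is not Cisco's implementation or code from the guide. The function names and sample segments are constructed, and zeroing the urgent pointer along with the flag is an assumption of this sketch.

```python
import struct

URG = 0x20  # URG bit in the 16-bit data-offset/flags word of the TCP header

def _csum_fix(csum, old, new):
    """RFC 1624 incremental checksum update for one changed 16-bit word."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clear_urg(segment: bytes) -> bytes:
    """Model of 'urgent-flag clear': unset URG and forward the segment.
    Zeroing the urgent pointer is this sketch's assumption, not documented ASA behaviour."""
    sport, dport, seq, ack, flags, win, csum, urp = struct.unpack("!HHIIHHHH", segment[:20])
    if not flags & URG:
        return segment
    csum = _csum_fix(_csum_fix(csum, flags, flags & ~URG), urp, 0)
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, flags & ~URG, win, csum, 0)
    return hdr + segment[20:]

def first_window_shrink(adverts, wscale=0):
    """adverts: (ack, window) pairs from one sender, in order. Returns the index of
    the first advertisement whose right edge (ack + window) moves backwards, else None."""
    prev = None
    for i, (ack, win) in enumerate(adverts):
        edge = (ack + (win << wscale)) & 0xFFFFFFFF
        # Sequence-space comparison, so a 32-bit wrap is not mistaken for a shrink.
        if prev is not None and ((edge - prev) & 0xFFFFFFFF) >= 0x80000000:
            return i
        prev = edge
    return None

# Constructed sample: URG|ACK|PSH set, urgent pointer 3, 5 payload bytes, checksum unset.
SAMPLE = struct.pack("!HHIIHHHH", 40000, 23, 1000, 5000, (5 << 12) | 0x38, 8192, 0, 3) + b"hello"
# Constructed adverts: the third one pulls the right edge back from 72000 to 11000.
ADVERTS = [(5000, 65000), (7000, 65000), (9000, 2000)]

if __name__ == "__main__":
    out = clear_urg(SAMPLE)
    print("flags before/after:", hex(SAMPLE[13]), hex(out[13]))
    print("first shrinking advertisement:", first_window_shrink(ADVERTS))
```

A window that gets smaller only by the amount of newly acknowledged data leaves the right edge in place and is not reported; only an advertisement that takes back previously offered space is.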