Cisco Systems and the ASA Services Module Manual De Usuario
22-15
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 22 Configuring Connection Settings
Monitoring Connection Settings
Monitoring Connection Settings
To monitor TCP state bypass, perform one of the following tasks:
Configuration Examples for Connection Settings
This section includes the following topics:
•
•
•
Configuration Examples for Connection Limits and Timeouts
The following example sets the connection limits and timeouts for all traffic:
ciscoasa(config)# class-map CONNS
ciscoasa(config-cmap)# match any
ciscoasa(config-cmap)# policy-map CONNS
ciscoasa(config-pmap)# class CONNS
set connection advanced-options
tcp-map-name
Example:
ciscoasa(config-pmap-c)# set connection
advanced-options tcp_map1
Customizes the TCP normalizer. See the
TCP map.
set connection advanced-options
tcp-state-bypass
Example:
ciscoasa(config-pmap-c)# set connection
advanced-options tcp-state-bypass
Enables TCP state bypass.
Step 6
service-policy
policymap_name {global |
interface
interface_name}
Example:
ciscoasa(config)# service-policy
tcp_bypass_policy outside
Activates the policy map on one or more interfaces. global applies
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
Command
Purpose
Command
Purpose
show conn
If you use the show conn command, the display for connections that use
TCP state bypass includes the flag “b.”
TCP state bypass includes the flag “b.”