https://community.cisco.com/t5/network-security/disa-stig-net0965/m-p/2212526#M349524 <P>I have a ASA-5510 (9.11-4-K8) monitoring a network that is required to use the DISA STIGs for certain security settings. there is a requirement (STIG ID NET0965) that requires the following:</P><P>The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.</P><P>Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.</P><P></P><P>this is possible on a router or switch but can this be configured on the ASA?</P> Tue, 12 Mar 2019 01:46:55 GMT joedansereau 2019-03-12T01:46:55Z https://community.cisco.com/t5/network-security/disa-stig-net0965/m-p/2212526#M349524 <P>I have a ASA-5510 (9.11-4-K8) monitoring a network that is required to use the DISA STIGs for certain security settings. there is a requirement (STIG ID NET0965) that requires the following:</P><P>The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.</P><P>Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.</P><P></P><P>this is possible on a router or switch but can this be configured on the ASA?</P> Tue, 12 Mar 2019 01:46:55 GMT https://community.cisco.com/t5/network-security/disa-stig-net0965/m-p/2212526#M349524 joedansereau 2019-03-12T01:46:55Z https://community.cisco.com/t5/network-security/disa-stig-net0965/m-p/2212527#M349526 <HTML><HEAD></HEAD><BODY><P>Hello Joe,</P><P></P><P>You mean traffic to the box or through the box?</P><P></P><P>Regards</P></BODY></HTML> Tue, 21 May 2013 23:33:28 GMT https://community.cisco.com/t5/network-security/disa-stig-net0965/m-p/2212527#M349526 Julio Carvajal 2013-05-21T23:33:28Z https://community.cisco.com/t5/network-security/disa-stig-net0965/m-p/2212528#M349527 <HTML><HEAD></HEAD><BODY><P>This particular requirment NET0965 is for communications from a client to the ASA. IE: ssh, asdm, bgp, scp etc....</P><P></P><P>I found how to do it on the IOS ISR platform, but not on the ASA.</P><P></P><P>also on the IOS ISR platform: use:&nbsp; ip tcp synwait-time 10</P><P></P><P></P><P><A href="https://tools.cisco.com/Support/CLILookup/cltSearchAction.do" rel="nofollow">https://tools.cisco.com/Support/CLILookup/cltSearchAction.do</A> login</P></BODY></HTML> Fri, 04 Oct 2013 22:47:05 GMT https://community.cisco.com/t5/network-security/disa-stig-net0965/m-p/2212528#M349527 Oscar Quinonez 2013-10-04T22:47:05Z