Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
5
Helpful
3
Replies

7.2(4) code for the ASA

mj11
Level 3
Level 3

‎08-14-2008 06:54 AM - edited ‎03-11-2019 06:31 AM

Hi

I have just come across the following issue: Sysopt seems to be missing in the 7.2(4) code? or has this change?

7.2(3)

ciscoasa# sh run sysopt

no sysopt connection timewait

sysopt connection tcpmss 1380

sysopt connection tcpmss minimum 0

no sysopt nodnsalias inbound

no sysopt nodnsalias outbound

no sysopt radius ignore-secret

sysopt connection permit-vpn

7.2(4)

ciscoasa# sh run sysopt

ciscoasa# <no output>

ciscoasa(config)# sysopt connection ?

configure mode commands/options:

permit-vpn Exempt VPN traffic from access check

tcpmss Set maximum TCP MSS limit, specify keyword minimum to configure

minimum TCP MSS limit. Defaults for maximum and minimum limits

are 1380 and 0 bytes respectively

timewait TCP connection undergoes TIMEWAIT state

ciscoasa(config)# sysopt connection permit-vpn

ciscoasa(config)# sh run sysopt

ciscoasa(config)# <no output>

Regards

Labels:
0 Helpful
3 Replies 3

Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-14-2008 11:26 AM

Seems to be a bug, they fixed an older bug in 7.2(4) as per the Bug Tooklit:

CSCsi18713

Symptom:

Commands that are system defaults do not show up in the

typical "show running-config" output. The purpose of the "show running-config all" command

is to allow all configured commands both default and non-default to be viewed in one output.

For PIX/ASA, the output of the command "show running-config all" should

include the the configured sysopt commands such as

"sysopt connection tcpmss 1380" which at present, it does not.

ciscoasa# sh run all | incl sys

ciscoasa# sh run all | incl sysopt

ciscoasa#

Conditions:

Some "sysopt" commands are on as system defaults and do not show in the running configuration output. However, the "show running-config all" output is supposed to show

all commands in the running configuration including the defaults like some sysopt commands. This issue is purely cosmetic and does not affect the operation of the PIX/ASA.

-----------

Or perhaps you can only see the non-default commands using show run sysopt now (after the fix), and for default commands you have to do:

show run all | inc sysopt

You can check this by configuring a non-default config for one of the sysopt commands.

Regards

Farrukh

mj11
Level 3
Level 3
In response to Farrukh Haroon

‎08-14-2008 01:28 PM

Hi Farrukh

Thanks for that,it says this is fixed in 7.2(4) but this is still in this code. thanks for that anyway.

Regards MJ

0 Helpful

slug420
Level 1
Level 1

‎08-14-2008 01:27 PM

the command exists

it is (no) sysopt connection permit-vpn

it only shows up in a show run/show conf when it is disabled and it is enabled by default

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card