Beginner

DISA STIG NET0965

I have an ASA-5510 (9.11-4-K8) monitoring a network that is required to use the DISA STIGs for certain security settings. There is a requirement (STIG ID NET0965) that requires the following:

The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.

Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.

This is possible on a router or switch, but can this be configured on the ASA?

2 REPLIES

DISA STIG NET0965

Hello Joe,

You mean traffic to the box or through the box?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Beginner

Re: DISA STIG NET0965

This particular requirement, NET0965, is for communications from a client to the ASA, i.e. ssh, asdm, bgp, scp, etc.

I found how to do it on the IOS ISR platform, but not on the ASA.

Also, on the IOS ISR platform, use: ip tcp synwait-time 10

https://tools.cisco.com/Support/CLILookup/cltSearchAction.do
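
An added example, not part of the original thread: a check of saved IOS configurations against NET0965, using the `ip tcp synwait-time` command from the last reply. It covers IOS only and says nothing about the ASA; the 30-second default for an absent command is an assumption based on Cisco IOS documentation, and the function names and sample configs are constructed.

```python
import re

STIG_ID = "NET0965"
MAX_SECONDS = 10          # limit from the STIG text quoted in the thread
IOS_DEFAULT_SECONDS = 30  # assumption: IOS default when the command is absent

# Matches "ip tcp synwait-time N" and the negated "no ip tcp synwait-time [N]".
_SYNWAIT = re.compile(r"^\s*(no\s+)?ip\s+tcp\s+synwait-time(?:\s+(\d+))?\s*$")


def effective_synwait(config_text):
    """Return (seconds, source) in effect for one IOS configuration dump."""
    seconds, source = IOS_DEFAULT_SECONDS, "default (command absent)"
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = _SYNWAIT.match(line)  # "!" comment lines never match
        if not m:
            continue
        negated, value = m.groups()
        if negated:
            seconds, source = IOS_DEFAULT_SECONDS, f"line {lineno} (negated)"
        elif value is not None:  # a later line overrides an earlier one
            seconds, source = int(value), f"line {lineno}"
    return seconds, source


def audit(configs):
    """Map {hostname: config_text} to a list of NET0965 findings."""
    findings = []
    for host, text in sorted(configs.items()):
        seconds, source = effective_synwait(text)
        status = "NotAFinding" if seconds <= MAX_SECONDS else "Open"
        findings.append({"host": host, "stig": STIG_ID, "seconds": seconds,
                         "source": source, "status": status})
    return findings


# Constructed sample configurations, not taken from any real device.
SAMPLE_CONFIGS = {
    "rtr-compliant": "hostname rtr-compliant\nip tcp synwait-time 10\n!\n",
    "rtr-default": "hostname rtr-default\n! ip tcp synwait-time 10\nip ssh version 2\n",
    "rtr-loose": "hostname rtr-loose\nip tcp synwait-time 5\nip tcp synwait-time 20\n",
}

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIGS):
        print(f"{f['host']}: {f['status']} ({f['seconds']}s, {f['source']})")
```

A device whose config omits the command is reported as Open because the assumed default exceeds the 10-second limit.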