Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1944
Views
0
Helpful
2
Replies

DISA STIG NET0965

joedansereau
Level 1
Level 1

‎05-21-2013 12:41 PM - edited ‎03-11-2019 06:46 PM

I have a ASA-5510 (9.11-4-K8) monitoring a network that is required to use the DISA STIGs for certain security settings. there is a requirement (STIG ID NET0965) that requires the following:

The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.

Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.

this is possible on a router or switch but can this be configured on the ASA?

2 people had this problem
Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-21-2013 04:33 PM

Hello Joe,

You mean traffic to the box or through the box?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Oscar Quinonez
Level 1
Level 1
In response to Julio Carvajal

‎10-04-2013 03:47 PM

This particular requirment NET0965 is for communications from a client to the ASA. IE: ssh, asdm, bgp, scp etc....

I found how to do it on the IOS ISR platform, but not on the ASA.

also on the IOS ISR platform: use:  ip tcp synwait-time 10

https://tools.cisco.com/Support/CLILookup/cltSearchAction.do login

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card