ASA 5555x default TCP normalizer settings

Ian Anderson · ‎11-10-2014

Greetings, I am trying to find what is the default actions of the TCP normalizer in the ASA 5555x (9.1(3)). I can see in packet captures that the ASA is stripping some option flags (SACK) and I am also wondering if it is dropping none conforming packets etc etc. So far my research has shown that only specific traffic from specific systems is being stripped, in my case storage replication traffic. Thanks for any details, I am also going to open a TAC case and I will update this thread. Cheers!

Karsten Iwen · ‎11-10-2014

You find much on the defaults in the config-gude:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/conns_connlimits.html#pgfId-1090664

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/conns_connlimits.html#53790

Ian Anderson · ‎11-10-2014

Nice, thanks I can see the list of defaults. Oddly though the one flag that I am curious about (SACK) shows it's allowed by default yet some connections are having it stripped.