
ASA8.2(4) - permit IP option 7

Igor Urosevic
Level 1

How to configure ASA not to drop packets with IP option 7 (record route)?

According to the docs, ip inspect ip option will drop all IP option packets except 0, 1, and 20 (EOOL, NOP, or RTRALT):

"If an IP header contains additional options other than EOOL, NOP, or RTRALT, regardless of whether the ASA is configured to allow these options, the ASA will drop the packet."

Also, policy-map type inspect ip-options treats only these 3.

Tnx!

BR,

Igor

1 Reply

Julio Carvajal
VIP Alumni

Hello Igor,

See what you mean, been there!!

But the ASA was built as a security box, and that is why it will only allow those 3 IP options you mentioned, if configured (as a security design measure).

So no way to allow the record-route option...

If you do not have any other questions, please mark it as answered.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
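
The rule quoted in the question, as an added example that is not part of the thread and is not Cisco code: a Python parser that walks the IPv4 header options and lists any option number other than EOOL, NOP, or RTRALT. The function names, sample headers, and documentation addresses are constructed for illustration; the check models only the quoted documentation sentence, not the ASA's actual implementation.

```python
import struct

# Option numbers (low 5 bits of the option-type byte) that the quoted ASA
# documentation names as the only ones that can be permitted.
PERMITTABLE = {0: "EOOL", 1: "NOP", 20: "RTRALT"}

def ip_option_numbers(packet: bytes) -> list[int]:
    """Return the option numbers found in an IPv4 header, in order."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts, found, i = packet[20:header_len], [], 0
    while i < len(opts):
        found.append(opts[i] & 0x1F)     # strip copied flag and class bits
        if opts[i] == 0:                 # EOOL: end of option list
            break
        if opts[i] == 1:                 # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        i += opts[i + 1]
    return found

def asa_would_drop(packet: bytes) -> list[int]:
    """Option numbers outside EOOL/NOP/RTRALT; non-empty means a drop per the quoted docs."""
    return [n for n in ip_option_numbers(packet) if n not in PERMITTABLE]

def build_header(options: bytes) -> bytes:
    """Constructed sample: bare IPv4 header (checksum left 0), options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + options

# Record Route: type 7, length 7, pointer 4, one empty 4-byte address slot.
RECORD_ROUTE = bytes([7, 7, 4, 0, 0, 0, 0])
# Router Alert: type 148 (copied flag + option number 20), length 4, value 0.
ROUTER_ALERT = bytes([148, 4, 0, 0])

if __name__ == "__main__":
    for name, opt in (("record route", RECORD_ROUTE), ("router alert", ROUTER_ALERT)):
        print(name, "-> disallowed option numbers:", asa_would_drop(build_header(opt)))
```
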