05-21-2013 12:41 PM - edited 03-11-2019 06:46 PM
I have an ASA-5510 (9.11-4-K8) monitoring a network that is required to use the DISA STIGs for certain security settings. There is a requirement (STIG ID NET0965) that requires the following:
The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.
Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.
This is possible on a router or switch, but can this be configured on the ASA?
05-21-2013 04:33 PM
Hello Joe,
You mean traffic to the box or through the box?
Regards
10-04-2013 03:47 PM
This particular requirement, NET0965, is for communications from a client to the ASA, i.e. ssh, asdm, bgp, scp, etc.
I found how to do it on the IOS ISR platform, but not on the ASA.
Also, on the IOS ISR platform, use: ip tcp synwait-time 10
https://tools.cisco.com/Support/CLILookup/cltSearchAction.do login