Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,how do I enable the support for TFO (RFC 7413) in Cisco Adaptive Security Appliance Software Version 9.2 ?It seems not to work out of the box, i.e. normal connection establishment (handshake without application data bytes) works well while TFO (...
Question
Hi,
how do I enable the support for TFO (RFC 7413) in Cisco Adaptive Security Appliance Software Version 9.2 ?
It seems not to work out of the box, i.e. normal connection establishment (handshake without application data bytes) works wel...
Hi patoberli,
yes, I got it to work. Here are the code snippets:
tcp-map tcp-map-fastopen synack-data allow tcp-options range 6 7 allow tcp-options range 9 255 allow
You will need a class map to match the tcp stream:
class-map TCP match po...
Hi Jerome,
that was a very helpfull hint. I have started to modify the tcp normalization by allowing data in syn-acks.
syn-ack allow
As this did not fix the problem I configured the tcp map to be most liberal, i.e.:
tcp-map tcp-map-test synack-dat...
