Chapter 37
Configuring Inspection of Basic Internet Protocols
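| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System |
|---|---|---|---|---|
| • | • | • | • | — |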
IP Options Inspect Map
The IP Options Inspect Maps pane lets you view previously configured IP Options inspection maps. An
IP Options inspection map lets you change the default configuration values used for IP Options
inspection.
You can configure IP Options inspection to control which IP packets with specific IP options are allowed
through the security appliance. Configuring this inspection instructs the security appliance to allow a
packet to pass or to clear the specified IP options and then allow the packet to pass.
In particular, you can control whether the security appliance drops, clears, or passes packets containing
the Router Alert (RTRALT) option. Dropping RSVP packets containing the Router Alert option can
cause problems in VoIP implementations. Therefore, you can create IP Options inspection maps to pass
packets containing the RTRALT option.
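The pass, clear, or drop decision described above, as an added Python illustration; it is not Cisco's code and does not reproduce the appliance's implementation. It assumes that an option type absent from the policy drops the packet and that clearing overwrites the option with NOP octets; the function names and the sample packet are constructed for the example.

```python
import struct

EOOL, NOP, RTRALT = 0x00, 0x01, 0x94  # IPv4 option type octets (RFC 791, RFC 2113)

def checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def inspect(packet: bytes, policy: dict) -> tuple:
    """Apply a per-option policy {type: "allow" | "clear"} to one IPv4 packet.

    Assumptions of this sketch: an option type missing from the policy drops
    the packet, and "clear" overwrites the option with NOP octets.
    """
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or ihl > len(packet):
        return "drop", packet
    hdr, i = bytearray(packet[:ihl]), 20
    while i < ihl:
        opt = hdr[i]
        if opt == EOOL:
            length = ihl - i            # EOOL ends the list; the rest is padding
        elif opt == NOP:
            length = 1
        elif i + 1 < ihl and 2 <= hdr[i + 1] <= ihl - i:
            length = hdr[i + 1]         # type, length, value encoding
        else:
            return "drop", packet       # malformed or truncated option
        action = policy.get(opt)
        if action is None:
            return "drop", packet
        if action == "clear":
            hdr[i:i + length] = bytes([NOP]) * length
        i += length
    hdr[10:12] = b"\x00\x00"            # zero the field, then recompute it
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return "pass", bytes(hdr) + packet[ihl:]

def sample_rsvp_packet() -> bytes:
    """Constructed sample: IPv4 header with Router Alert, protocol 46 (RSVP)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x46, 0, 28, 1, 0, 64, 46, 0,
                                bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])))
    hdr += bytes([RTRALT, 4, 0, 0])
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + b"RSVP"
```

With the constructed RSVP packet, an empty policy drops it, `{RTRALT: "allow"}` returns it unchanged, and `{RTRALT: "clear"}` returns it with the four option octets replaced by NOPs and a recomputed header checksum.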
Fields
IP Options Inspect Maps—Table that lists the defined IP Options inspect maps.
Add—Configures a new IP Options inspect map.
Edit—Edits an existing IP Options inspect map. To edit an IP Options inspect map, choose the entry in
the table and click Edit.
Delete—Deletes the inspect map selected in the IP Options Inspect Maps table.
Modes
The following table shows the modes in which this feature is available:
| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple, Context | Security Context: Multiple, System |
|---|---|---|---|---|
| • | • | • | • | — |

Add/Edit IP Options Inspect Map
The Add/Edit IP Options Inspect Map lets you configure the settings for IP Options inspection maps.
Fields
Name—When adding an IP Options inspection map, enter the name of the map. When editing a map,
the name of the previously configured map is shown.
Description—Enter the description of the IP Options inspection map, up to 200 characters in length.
OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM