Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide (OL-16202-01)
Chapter 4: Configuring TCP/IP Normalization and IP Reassembly Parameters
Configuring a Connection Parameter Map for TCP/IP Normalization and Termination

To disable sequence number randomization, enter:

host1/C1(config-parammap-conn)# no random-sequence-number

Note: You cannot disable sequence number randomization for Layer 7 traffic flows.

Configuring How the ACE Handles Reserved Bits

You can configure how an ACE handles segments with the reserved bits set in the TCP header by using the reserved-bits command in parameter map connection configuration mode. The six reserved bits in the TCP header are for future use and usually have a value of 0. The syntax of this command is as follows:

reserved-bits {allow | clear | drop}

The keywords are as follows:

• allow—(Default) Permits segments with the reserved bits set in the TCP header
• clear—Clears the reserved bits in the TCP header and allows the segment
• drop—Discards segments with reserved bits set in the TCP header

For example, to configure the ACE to clear the reserved bits set in the TCP header of segments, enter:

host1/C1(config-parammap-conn)# reserved-bits clear

To reset the ACE behavior to the default of allowing reserved bits set in the TCP header of a segment, enter:

host1/C1(config-parammap-conn)# no reserved-bits clear

Configuring the Timeout for an Embryonic Connection

Occasionally, the TCP three-way handshake for a connection may not complete for some reason. This type of connection is called an embryonic connection. To configure a timeout for embryonic connections, use the set tcp timeout embryonic command in parameter map connection configuration mode.
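
The allow, clear and drop actions of the reserved-bits command described above, modelled in Python as an added example; it is not Cisco's implementation or code from this guide. The sample segment, addresses and function names are constructed for illustration, and the RFC 1624 checksum update on clear is an assumption, since the guide does not say how the ACE adjusts the checksum after rewriting the header.

```python
import struct

# Six reserved bits (RFC 793 layout, as the guide counts them) in the 16-bit word
# at header offset 12: 4 bits data offset | 6 reserved | 6 flags.
# RFC 3168 later assigned two of them to ECN (CWR, ECE); this model treats all six as reserved.
RESERVED_MASK = 0x0FC0
# Constructed IPv4 pseudo-header: 192.0.2.1 -> 198.51.100.7, protocol 6, TCP length 20
PSEUDO = bytes([192, 0, 2, 1, 198, 51, 100, 7, 0, 6, 0, 20])

def fold(total: int) -> int:
    """Fold carries back in to get a 16-bit ones' complement sum."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length byte string."""
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def build_segment(reserved: int) -> bytes:
    """Constructed 20-byte SYN header with the given reserved bits and a valid checksum."""
    word = (5 << 12) | ((reserved & 0x3F) << 6) | 0x02
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, word, 8192, 0, 0)
    return hdr[:16] + struct.pack("!H", checksum(PSEUDO + hdr)) + hdr[18:]

def reserved_bits(segment: bytes) -> int:
    return (struct.unpack_from("!H", segment, 12)[0] & RESERVED_MASK) >> 6

def checksum_ok(segment: bytes) -> bool:
    return checksum(PSEUDO + segment) == 0

def apply_reserved_bits(segment: bytes, action: str):
    """Model of allow | clear | drop: return the segment to forward, or None if discarded."""
    if action not in ("allow", "clear", "drop"):
        raise ValueError(f"unknown action: {action}")
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    word, = struct.unpack_from("!H", segment, 12)
    if action == "allow" or not word & RESERVED_MASK:
        return segment                      # nothing to normalize
    if action == "drop":
        return None
    new_word = word & ~RESERVED_MASK & 0xFFFF
    old_csum, = struct.unpack_from("!H", segment, 16)
    # Rewriting the header invalidates the TCP checksum; patch it incrementally
    # (RFC 1624): HC' = ~(~HC + ~m + m')
    new_csum = ~fold((~old_csum & 0xFFFF) + (~word & 0xFFFF) + new_word) & 0xFFFF
    out = bytearray(segment)
    struct.pack_into("!H", out, 12, new_word)
    struct.pack_into("!H", out, 16, new_csum)
    return bytes(out)
```
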