Hi All,
I have been looking at the PIX vulnerability reported by Cisco - a remote user can cause TCP connections to be blocked. There is a workaround which effectively is this:
access-list tcp_inspection extended permit tcp any any
access-list tcp_inspection extended deny ip any any
class-map my_inspection_tcp
match access-list tcp_inspection
policy-map global_policy
class my_inspection_tcp
set connection timeout embryonic 0:00:10
set connection embryonic-conn max 1
set connection advanced-options verify-chksum
service-policy global global
Has anyone configured this? My PIX 6.3 does not recognise the "extended" in the first line and the class-map. Am I missing something in installing this workaround?
Help appreciated.
Adrian Jones