
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

37-44
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 37 Configuring Inspection of Basic Internet Protocols
Parameters—Select which IP options to allow through the adaptive security appliance, either
unchanged or cleared before the packet is passed:
Allow packets with the End of Options List (EOOL) option
This option, which contains just a single zero byte, appears at the end of all options to mark the end
of a list of options. This might not coincide with the end of the header according to the header length.
Allow packets with the No Operation (NOP) option
The Options field in the IP header can contain zero, one, or more options, which makes the total
length of the field variable. However, the IP header must be a multiple of 32 bits. If the number of
bits of all options is not a multiple of 32 bits, the NOP option is used as “internal padding” to align
the options on a 32-bit boundary.
Allow packets with the Router Alert (RTRALT) option
This option notifies transit routers to inspect the contents of the packet even when the packet is not
destined for that router. This inspection is valuable when implementing RSVP and similar protocols
that require relatively complex processing from the routers along the packet's delivery path.
Clear the option value from the packets
When an option is checked, the Clear the option value from the packets check box becomes
available for that option. Select the Clear the option value from the packets check box to clear the
option from the packet before allowing the packet through the adaptive security appliance.
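The parameters above, as an added Python illustration that is not part of the Cisco guide or ASA code: it walks an IPv4 Options field and applies an allow/clear choice per option. The policy labels, the drop of any option that is not selected, and the modelling of "clear" as overwriting the option with NOP bytes are assumptions of this example.

```python
# Added illustration; the policy model is an assumption, not ASA source code.
EOOL, NOP, RTRALT = 0, 1, 148          # IPv4 option type bytes (RFC 791, RFC 2113)
NAMES = {EOOL: "eool", NOP: "nop", RTRALT: "router-alert"}  # hypothetical labels

# Constructed sample: Router Alert (type 148, length 4), three NOPs, then EOOL.
SAMPLE = bytes([148, 4, 0, 0, 1, 1, 1, 0])

def inspect_options(options: bytes, policy: dict) -> tuple:
    """Return (verdict, options). policy maps option label -> "allow" | "clear".

    Options missing from the policy cause a drop (assumed behaviour).
    "clear" is modelled by overwriting the option with NOP bytes, which
    keeps the header length and 32-bit alignment unchanged (assumption).
    """
    if len(options) % 4 or len(options) > 40:
        return ("drop: options not 32-bit aligned", options)
    out = bytearray(options)
    i = 0
    while i < len(options):
        opt = options[i]
        if opt in (EOOL, NOP):
            size = 1                      # single-byte options carry no length
        else:
            if i + 1 >= len(options):
                return ("drop: truncated option", options)
            size = options[i + 1]         # length covers type + length + data
            if size < 2 or i + size > len(options):
                return ("drop: bad option length", options)
        action = policy.get(NAMES.get(opt))
        if action is None:
            return (f"drop: option {opt} not permitted", options)
        if action == "clear":
            out[i:i + size] = bytes([NOP]) * size
        if opt == EOOL:
            break                         # bytes after EOOL are padding
        i += size
    return ("pass", bytes(out))

if __name__ == "__main__":
    policy = {"eool": "allow", "nop": "allow", "router-alert": "clear"}
    print(inspect_options(SAMPLE, policy))
```
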
Modes
The following table shows the modes in which this feature is available:

Firewall Mode            Security Context
                                   Multiple
Routed    Transparent    Single    Context    System
•         •              •         •

IPSec Pass Through Inspection
This section describes the IPSec Pass Through inspection engine. This section includes the following
topics:
IPSec Pass Through Inspection Overview, page 37-44
Select IPSec-Pass-Thru Map, page 37-45
IPSec Pass Through Inspect Map, page 37-45
Add/Edit IPSec Pass Thru Policy Map (Security Level), page 37-46
Add/Edit IPSec Pass Thru Policy Map (Details), page 37-47
IPSec Pass Through Inspection Overview
Internet Protocol Security (IPSec) is a protocol suite for securing IP communications by authenticating
and encrypting each IP packet of a data stream. IPSec also includes protocols for establishing mutual
authentication between agents at the beginning of the session and negotiation of cryptographic keys to
