Chapter 4
Configuring TCP/IP Normalization and IP Reassembly Parameters
IP Normalization Overview
TCP/IP Normalization and Termination Configuration Quick Start
OL-16202-01
In addition to TCP normalization, the ACE uses a Layer 3 feature called IP
normalization to protect itself and the data center from a variety of attacks.
IP normalization performs the following series of checks on IP packets:
• General security checks
• ICMP security checks
• Fragmentation security checks
• IP fragment reassembly
• IP fragmentation if a packet exceeds the outbound maximum transmission
  unit (MTU)
If a packet fails one of these checks, the ACE takes action (including discarding
a packet) depending on the IP parameters that you configure.
To configure the type of service (ToS) for IP traffic, use the set ip tos command
in a connection parameter map.
To configure interface-related IP normalization parameters, see the
"Configuring Interface Normalization Parameters" section.
Table 4-1 provides a quick overview of the steps required to configure TCP
normalization. Each step includes the CLI command or a reference to the
procedure required to complete the task. For a complete description of each
feature and all the options associated with the CLI commands, see the sections
following Table 4-1.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide