Router(config-if)# ip nbar protocol-tagging vlan-list 100
! Tagging
Router(config-if)# mtu 9216
! Allow packet size up to 9216 bytes without fragmenting
Router(config)# system jumbomtu 9216
! Set global LAN port MTU to 9216 bytes
Monitoring PISA Connections
This section includes the following topics:
• Syslog Message for Dropped Connections
• Viewing PISA Connections on the FWSM
Syslog Message for Dropped Connections
Syslog messages 302014 (for TCP) and 302016 (for UDP) are displayed when a PISA connection is denied. For
example:
%FWSM-6-302014: Teardown TCP connection 144547133155839947 for inside:10.1.1.12/33407 to outside:209.165.201.10/21 duration 0:00:00 bytes 160 PISA denied protocol
Viewing PISA Connections on the FWSM
To monitor connections from the PISA, use the show conn command. Connections that are tagged by
the PISA are listed in the output with the "p" flag. The following is sample output from the show conn
command:
hostname# show conn
2 in use, 3 most used
Network Processor 1 connections
TCP out 10.1.1.10:21 in 209.165.201.12:33406 idle 0:00:04 Bytes 1668 FLAGS - UOIp
Network Processor 2 connections
UDP out 10.1.1.255:137 in 10.1.1.11:137 idle 0:00:48 Bytes 288 FLAGS -
Multicast sessions:
Network Processor 1 connections
Network Processor 2 connections
IPv6 connections:
...
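The two monitoring views above can be checked programmatically. The following is an added example, not part of the Cisco guide: it extracts "PISA denied protocol" teardowns from syslog lines and lists show conn entries that carry the "p" flag. It assumes message 302016 uses the same layout as the 302014 example; the function names and the second and third syslog lines are constructed for illustration.

```python
import re

# Layout follows the 302014 example above; 302016 (UDP) is ASSUMED to share it.
TEARDOWN = re.compile(
    r"%FWSM-\d-(?P<msgid>302014|302016): Teardown (?P<proto>TCP|UDP) connection (?P<conn>\d+) "
    r"for (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>\S+) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)
# One "show conn" entry, laid out as in the sample output above.
CONN = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<out>\S+) in (?P<inside>\S+) "
    r"idle (?P<idle>\S+) Bytes (?P<bytes>\d+) FLAGS - ?(?P<flags>\S*)$"
)

def pisa_denials(lines):
    """Return parsed teardown events whose reason is 'PISA denied protocol'."""
    events = []
    for line in lines:
        m = TEARDOWN.search(line)
        if m and m.group("reason").strip() == "PISA denied protocol":
            ev = m.groupdict()
            for key in ("src_port", "dst_port", "bytes"):
                ev[key] = int(ev[key])
            events.append(ev)
    return events

def pisa_tagged(show_conn_text):
    """Return show conn entries whose flags include lowercase 'p' (PISA-tagged)."""
    rows = [CONN.match(line.strip()) for line in show_conn_text.splitlines()]
    return [m.groupdict() for m in rows if m and "p" in m.group("flags")]

# Constructed input: the first syslog line and the show conn text mirror the
# samples on this page; the UDP denial and the "TCP FINs" teardown are invented.
SYSLOG = [
    "%FWSM-6-302014: Teardown TCP connection 144547133155839947 for inside:10.1.1.12/33407 to outside:209.165.201.10/21 duration 0:00:00 bytes 160 PISA denied protocol",
    "%FWSM-6-302016: Teardown UDP connection 144547133155839950 for inside:10.1.1.13/5060 to outside:209.165.201.10/5060 duration 0:00:00 bytes 0 PISA denied protocol",
    "%FWSM-6-302014: Teardown TCP connection 144547133155839951 for inside:10.1.1.12/33410 to outside:209.165.201.10/80 duration 0:00:05 bytes 4096 TCP FINs",
]
SHOW_CONN = """\
TCP out 10.1.1.10:21 in 209.165.201.12:33406 idle 0:00:04 Bytes 1668 FLAGS - UOIp
UDP out 10.1.1.255:137 in 10.1.1.11:137 idle 0:00:48 Bytes 288 FLAGS -
"""

if __name__ == "__main__":
    for ev in pisa_denials(SYSLOG):
        print(ev["proto"], ev["src_ip"], "->", ev["dst_ip"], ev["dst_port"])
    for conn in pisa_tagged(SHOW_CONN):
        print("PISA-tagged:", conn["proto"], conn["out"], conn["inside"])
```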
Configuring TCP State Bypass
This section describes how to configure TCP state bypass, and includes the following topics:
• TCP State Bypass Overview
• Enabling TCP State Bypass
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
Chapter 21
Configuring Advanced Connection Features
OL-20748-01