The policy is applied to all
packets entering the outside interface.
Example 6-30. Configuring a Modular Policy Framework with the TCP Normalization Feature
hostname(config)# access-list 100 permit tcp any any
hostname(config)# tcp-map permit-mss-packets
hostname(config-tcp-map)# exceed-mss allow
hostname(config-tcp-map)# exit
hostname(config)# class-map all-tcp-traffic
hostname(config-cmap)# match access-list 100
hostname(config-cmap)# exit
hostname(config)# policy-map allow-mss-packets
hostname(config-pmap)# class all-tcp-traffic
hostname(config-pmap-c)# set connection advanced-options permit-mss-packets
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit
hostname(config)# service-policy allow-mss-packets interface outside
Use the show service-policy command to display the configured policies and their settings.
Cisco AnyConnect VPN Client
Security Appliance Software Version 8.0 debuts the support for Cisco AnyConnect VPN Client connections. The Cisco
AnyConnect VPN Client is the next-generation VPN client, which provides remote users with secure VPN connections to the
Cisco ASA 5500 Appliance by using the Secure Socket Layer (SSL) protocol.
Cisco AnyConnect VPN Client provides all the benefits of a Cisco SSL VPN client, and additionally supports applications and
functions unavailable to a clientless, browser-based SSL VPN connection.
Pages:
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320