Hi, I just took a quick overview of the release notes of ASA Release: 8.2.2.ED and notices this:
Inspection for IP Options: You can now control which IP packets with specific IP options should be allowed through the adaptive security appliance. You can also clear IP options from an IP packet, and then allow it through the adaptive security appliance. Previously, all IP options were denied by default, except for some special cases. Note This inspection is enabled by default. The following command is added to the default global service policy: inspect ip-options. Therefore, the adaptive security appliance allows RSVP traffic that contains packets with the Router Alert option (option 20) when the adaptive security appliance is in routed mode. The following commands were introduced: policy-map type inspect ip-options, inspect ip-options, eool, nop. What is the difference between using this option compared to allow the packet with the ip option? Does it mean that i can clear the ip option and then allow the packet with the cleared ip option? I'm unsure if thsi was possible before. Cheers Simon _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
