Embryonic Limit - what to set it to?

Jul 29th, 2007


With regards to NATs on the PIX, I know you can set an embryonic limit, but how do you know what to set this figure to? I know that leaving it at zero is not good practice, but what do you set it to?

Is there a formula or something to work this out?



srue Sun, 07/29/2007 - 19:15

To the best of my knowledge there's no magic formula.

If you are curious b/c you actually want to know what to set it to in a production environment, your best bet is to ask whoever maintains the inside hosts that are being NAT'ed about what kind/how much traffic they see.

If you're just curious, Cisco merely states that you should set it low for slower systems, and higher for faster systems.

stuart.jones Sun, 07/29/2007 - 19:28


Thanks for the reply. I have tried on occasion to ask the guys looking after the servers etc. what sort of traffic the box could handle in terms of connections, and 9 times out of 10 you don't get a response or they don't know.

Low for slow and high for faster: are there any general values that could be set for this, even if not from Cisco, just in your or anyone else's experience?


srue Sun, 07/29/2007 - 19:45

If I were going to implement some sort of embryonic limit policy, I would probably start at 500 and just monitor and adjust accordingly.

Use the 'show local-host' or 'show perfmon' commands to monitor TCP intercept.
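
Added example, not part of the thread and not Cisco code: one way to do the "monitor and adjust" step is to capture 'show local-host' output periodically and track each inside host's peak embryonic count against a candidate limit. The snapshots are constructed, the field names are assumed to follow the 7.x-style per-host layout (adjust the regexes for your release), and the 0.8 warning ratio is an arbitrary assumption.

```python
import re
from collections import defaultdict

# Constructed captures of 'show local-host', taken at two different times.
SNAPSHOTS = [
    """local host: <10.1.1.10>,
    TCP flow count/limit = 40/unlimited
    TCP embryonic count to host = 12
local host: <10.1.1.20>,
    TCP flow count/limit = 900/unlimited
    TCP embryonic count to host = 430
""",
    """local host: <10.1.1.10>,
    TCP flow count/limit = 75/unlimited
    TCP embryonic count to host = 35
local host: <10.1.1.20>,
    TCP flow count/limit = 1400/unlimited
    TCP embryonic count to host = 510
""",
]

HOST_RE = re.compile(r"local host: <([^>]+)>")
EMB_RE = re.compile(r"TCP embryonic count(?: to host)? = (\d+)")

def parse_snapshot(text):
    """Return {host_ip: embryonic_count} for one capture."""
    counts, host = {}, None
    for line in text.splitlines():
        if m := HOST_RE.search(line):
            host = m.group(1)          # start of a new per-host block
        elif (m := EMB_RE.search(line)) and host:
            counts[host] = int(m.group(1))
    return counts

def review(snapshots, limit=500, warn_ratio=0.8):
    """Peak embryonic count per host across captures, judged against limit."""
    peaks = defaultdict(int)
    for snap in snapshots:
        for host, n in parse_snapshot(snap).items():
            peaks[host] = max(peaks[host], n)
    report = {}
    for host, peak in peaks.items():
        if peak >= limit:
            verdict = "at-limit"    # real load or a SYN flood: investigate before raising
        elif peak >= warn_ratio * limit:
            verdict = "near-limit"  # little headroom left at this setting
        else:
            verdict = "ok"
        report[host] = (peak, verdict)
    return report

if __name__ == "__main__":
    for host, (peak, verdict) in sorted(review(SNAPSHOTS).items()):
        print(f"{host:15} peak={peak:5} {verdict}")
```

A host that stays far below the limit over a representative period suggests the value could be lowered for that host; one that sits at the limit needs its traffic examined first.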

