Embryonic Limit -what to set it too ?

stuart.jones · ‎07-29-2007

Hi,

With regards to NATs on the Pix, i know you can set an embryonic limit, but how do you know what to set this figure too, i know that leaving it a zero is not good practice, but how what do you set it too ?

Is there a formula or something to work this out ?

Thanks

Stu

srue · ‎07-29-2007

to the best of my knowledge there's no magic formula.

If you are curious b/c you actually want to know what to set it to in a production environment, your best bet is to ask whomever maintains the inside hosts that are being NAT'ed about what kind/how much of traffic they see.

If you're just curious, Cisco merely states that you should set it low for slower systems, and higher for faster systems.

stuart.jones · ‎07-29-2007

srue,

Thanks for the reply, i have tried on occasion to ask the guys looking after the servers etc what sort of traffic the box could handle et cin terms of connections and 9 times out of 10 you dont get a response or they dont know.

Low for slow and high for faster, are there any general values that could be set for this, even if not from Cisco just in yours or anyone elses experience ?

Thanks

srue · ‎07-29-2007

If I were going to implement some sort of embryonic limit policy, I would probably start at 500 and just monitor and adjust accordingly.

use the 'show local-host ' or 'show perfmon' commands to monitor tcp intercept.