Can ASA do Denial of Service Tuning like IOS Firewall ?

Unanswered Question
Apr 27th, 2008
User Badges:

refer to my error i need to adjust the open half value on ASA but i only see the command in router only

ip inspect tcp max-incomplete host value (default 50) [block-time minutes(default 0)]

reference

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd804e5098.html


does anyone know is it possible to tuning DoS on ASA?

Thanks in Advance



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dominic.caron Mon, 04/28/2008 - 07:10
User Badges:
  • Silver, 250 points or more

You will find this in your Nat(or static) configuration


You can add the TCP keyword and specify tcp max_conns and emb_lim(half open)


rate helpful post

Actions

This Discussion