Restricting max connections per local host

Unanswered Question
Dec 4th, 2008

We have an ASA 5505 running 8.0. Users connected to the internet through this device report very slow response time. show local-host is showing one particular host with 75+ TCP connections and 50+ UDP connections. We suspect a problem with this machine. The "Intercepting and Responding to Network Attacks" document describes how to set max-conn but it seems to be per interface or global. Is there a way to set max connections per local host?

ajagadee Thu, 12/04/2008 - 08:58

Hi,


With MPF on the ASA, this should be possible. For example:

    access-list 100 permit ip host x.x.x.x any

    class-map ONEUSER
     match access-list 100

    policy-map MAXUSERCONNECTIONS
     class ONEUSER
      set connection per-client-max 10

    service-policy MAXUSERCONNECTIONS interface inside


Regards,

Arul


*Pls rate if it helps*
