trevora Mon, 06/15/2009 - 02:32
User Badges:

There are 2 ways you can do this.

if you are using static nat then there are options that you add:

static (inside,outside) 70 50

= 70 Max connections and 50 embryonic

The more recent way is via policy:

class-map MYCLASS

match any

policy-map MYPOL


set connection {conn-max number | embryonic-conn-max number |

per-client-embryonic-max number | per-client-max number | random-sequence-number {enable |


set connection timeout {tcp [reset]] [half-close ]

[embryonic ] [dcd [ [max-retries]]]}

service-policy MYPOL interface outside

abinjola Mon, 06/15/2009 - 03:39
User Badges:
  • Cisco Employee,

you mentioned about Pix, so make sure it runs 7.x as MPF is supported only 7.x onwards

jeansamarani Mon, 06/15/2009 - 04:33
User Badges:

but what's the difference between the max connection parameter and the embryonic value?


This Discussion