trevora Mon, 06/15/2009 - 02:32
User Badges:

There are 2 ways you can do this.

if you are using static nat then there are options that you add:

static (inside,outside) 1.1.1.1 2.2.2.2 70 50

= 70 Max connections and 50 embryonic


The more recent way is via policy:

class-map MYCLASS

match any


policy-map MYPOL

class MYCLASS

set connection {conn-max number | embryonic-conn-max number |

per-client-embryonic-max number | per-client-max number | random-sequence-number {enable |

disable}}

set connection timeout {tcp [reset]] [half-close ]

[embryonic ] [dcd [ [max-retries]]]}


service-policy MYPOL interface outside


abinjola Mon, 06/15/2009 - 03:39
User Badges:
  • Cisco Employee,

you mentioned about Pix, so make sure it runs 7.x as MPF is supported only 7.x onwards

jeansamarani Mon, 06/15/2009 - 04:33
User Badges:

but what's the difference between the max connection parameter and the embryonic value?


Actions

This Discussion