Duplicate TCP SYN

Unanswered Question
Mar 14th, 2014

Support Community,

I've been trying to set up the following commands in my ASA5515 running ver. 9.125 for Duplicate TCP SYN Flood attacks. So I put in the default values that you find in the Cisco documentation, but this didn't work for me too well. It slowed the internet down to a crawl and some pages like Cisco.com wouldn't even come up. Going to CNN, about a quarter of the graphics would come up. I have an office of 25 people that I'm trying to maintain a level of security for. I was wondering if you could direct me in the correct direction, or anybody out there that has enabled this for their network.

Thanks,

John W.

  1. Configuring the commands to help stop SYN Flood attack or (DOS)

     ciscoasa(config)#class-map tcp_syn
     ciscoasa(config-cmap)#match port tcp eq 80
     ciscoasa(config-cmap)#exit
     ciscoasa(config)#policy-map tcpmap
     ciscoasa(config-pmap)#class tcp_syn
     ciscoasa(config-pmap-c)#set connection conn-max 100
     ciscoasa(config-pmap-c)#set connection embryonic-conn-max 200
     ciscoasa(config-pmap-c)#set connection per-client-embryonic-max 10
     ciscoasa(config-pmap-c)#set connection per-client-max 10
     ciscoasa(config-pmap-c)#set connection random-sequence-number enable
     ciscoasa(config-pmap-c)#set connection timeout half-closed 0:0:30 embryonic 0:00:30 dcd 0:0:15 5 idle 1:0:0
     ciscoasa(config-pmap-c)#set connection timeout tcp 1:0:0
     ciscoasa(config-pmap-c)#exit
     ciscoasa(config-pmap)#exit
     ciscoasa(config)# service-policy tcpmap interface Internet_access
