Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
690
Views
0
Helpful
2
Replies

How to limit concurrent UDP connections PER host...

cnap-ccsn
Level 1
Level 1

‎02-08-2006 04:50 PM - edited ‎03-09-2019 01:52 PM

Is it possible to do this on a per host basis? The problem we are having is that the PIX has too many open UDP connections and then can't open new ones hence affecting other users. Finding the one/ones with thousands on connections and clearing them restores traffic but we were hoping to be able to limit each host to a set number of concurrent UDP connections (TCP as well).

Thanks!

Labels:
0 Helpful
2 Replies 2

thamdani
Cisco Employee
Cisco Employee

‎02-08-2006 10:45 PM

Hi,

I will suggest to check why you have so many open UDP connections.The default timeout value for idle UDP connection is 2min and pix will clear them if its idle for more than 2min.

What software version are you running ?

We can limit the Max. no. of connection for both TCP and UDP and is configured with NAT.

for e.g

This Specifies the maximum number of simultaneous TCP and UDP connections for the entire subnet. The default is 0, which means unlimited connections.

nat (inside) 1 10.1.1.0 255.255.255.0 [max_conn] [emb_conn]

static (inside,outside) x.x.x.x x.x.x.x mask x.x.x.x [max_conn] [emb_conn]

Regards,

Tanveer

0 Helpful

varakantam
Level 1
Level 1

‎02-09-2006 02:03 AM

You could limit the number of connections on a per host basis using service-policy

a) Create access-list to identify your traffic

access-list udp permit udp any

b) Create class map and use

Class map UDP-LIMIT

match access-list udp

c) Use the class map in a policy-map

policy-map

class UDP-limit

set connection limit....

d) apply the policy map to ineterface using service-policy or modify the global policy-map

service-policy in interface

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents