Cisco Support Community

Filtering multiple requests from same ip

Hello,

In my current setup I am using an ASA5520 v8.3 to filter unwanted traffic via ACL and NAT to different servers. Everything is running according to plan, but I am trying to create an ACL that will block multiple simultaneous requests from one single IP. For example, if I get 1000 requests on port 80 from the same IP, I want to drop those packets and not pass them to the web server, killing it. Any suggestions on how to accomplish this?

Thank you.

1 REPLY
Cisco Employee

Re: Filtering multiple requests from same ip

You can do that as explained in the example in http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml

ciscoasa(config)#class-map tcp_syn
! Select the traffic to limit: every TCP flow to port 80 that this policy sees
ciscoasa(config-cmap)#match port tcp eq 80
ciscoasa(config-cmap)#exit
ciscoasa(config)#policy-map tcpmap
ciscoasa(config-pmap)#class tcp_syn
! Aggregate limits for the whole class (all clients together)
ciscoasa(config-pmap-c)#set connection conn-max 100
ciscoasa(config-pmap-c)#set connection embryonic-conn-max 200
! Per-source-IP limits: these are what stop one host from taking the whole budget
ciscoasa(config-pmap-c)#set connection per-client-embryonic-max 10
ciscoasa(config-pmap-c)#set connection per-client-max 5
! Randomise the TCP initial sequence number of connections passing through the ASA
ciscoasa(config-pmap-c)#set connection random-sequence-number enable
! Timeouts (hh:mm:ss) for half-open (embryonic), half-closed and idle established connections in this class
ciscoasa(config-pmap-c)#set connection timeout embryonic 0:0:45
ciscoasa(config-pmap-c)#set connection timeout half-closed 0:25:0
ciscoasa(config-pmap-c)#set connection timeout tcp 2:0:0
ciscoasa(config-pmap-c)#exit
ciscoasa(config-pmap)#exit
! Apply the policy to traffic on all interfaces
ciscoasa(config)#service-policy tcpmap global

I think that is what you need.

PK
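A check that follows from the reply above, added here as an example and not part of the original thread: once the per-client limits are in place, the ASA logs each connection it refuses, so a short parser over those syslog lines tells you which source IP is actually being throttled and whether the class-wide conn-max is being hit as well (which would mean per-client-max is loose enough for one host to still starve the others). The message IDs 201010 to 201013 and their wording are taken from the ASA syslog message guide as I recall them and should be confirmed against the guide for your release; the hostname and addresses in the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample syslog, not taken from the original thread. The message
# IDs 201010-201013 and their field layout follow the ASA syslog message guide
# as best I recall it; confirm them for your release before relying on this.
SAMPLE_SYSLOG = """\
Jun 12 10:15:01 fw1 %ASA-3-201013: Per-client connection limit exceeded 6/5 for input packet from 203.0.113.7/51234 to 192.0.2.10/80 on interface outside
Jun 12 10:15:01 fw1 %ASA-3-201013: Per-client connection limit exceeded 7/5 for input packet from 203.0.113.7/51235 to 192.0.2.10/80 on interface outside
Jun 12 10:15:02 fw1 %ASA-3-201012: Per-client embryonic connection limit exceeded 11/10 for input packet from 203.0.113.7/51236 to 192.0.2.10/80 on interface outside
Jun 12 10:15:02 fw1 %ASA-3-201013: Per-client connection limit exceeded 6/5 for input packet from 198.51.100.20/40001 to 192.0.2.10/80 on interface outside
Jun 12 10:15:03 fw1 %ASA-3-201011: Connection limit exceeded 101/100 for input packet from 203.0.113.7/51240 to 192.0.2.10/80 on interface outside
Jun 12 10:15:03 fw1 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.21/40010 (198.51.100.21/40010) to dmz:192.0.2.10/80 (192.0.2.10/80)
"""

# One regex covers the four "limit exceeded" messages; the kind alternation
# distinguishes class-wide from per-client and established from embryonic.
LIMIT_MSG_RE = re.compile(
    r"%ASA-\d-(?P<msgid>20101[0-3]): "
    r"(?P<kind>Connection|Embryonic connection|"
    r"Per-client connection|Per-client embryonic connection) limit exceeded "
    r"(?P<count>\d+)/(?P<limit>\d+) for (?P<direction>input|output) packet from "
    r"(?P<sip>[\d.]+)/(?P<sport>\d+) to (?P<dip>[\d.]+)/(?P<dport>\d+) "
    r"on interface (?P<ifc>\S+)"
)

PER_CLIENT_IDS = {"201012", "201013"}  # per-client-embryonic-max / per-client-max
AGGREGATE_IDS = {"201010", "201011"}   # embryonic-conn-max / conn-max


def parse_limit_events(lines):
    """Return one dict per connection-limit syslog line; other lines are skipped."""
    events = []
    for line in lines:
        m = LIMIT_MSG_RE.search(line)
        if not m:
            continue
        e = m.groupdict()
        for key in ("count", "limit", "sport", "dport"):
            e[key] = int(e[key])
        events.append(e)
    return events


def summarize(events):
    """Count per-client hits by source IP and class-wide hits by (server, port).

    A source that dominates the per-client counter is the host being throttled.
    Any class-wide hit means the whole conn-max budget was used up, so either
    per-client-max is too generous relative to conn-max or the flood is
    coming from many addresses at once.
    """
    per_client = Counter()
    aggregate = Counter()
    for e in events:
        if e["msgid"] in PER_CLIENT_IDS:
            per_client[e["sip"]] += 1
        elif e["msgid"] in AGGREGATE_IDS:
            aggregate[(e["dip"], e["dport"])] += 1
    return {"per_client": per_client, "aggregate": aggregate}


if __name__ == "__main__":
    events = parse_limit_events(SAMPLE_SYSLOG.splitlines())
    summary = summarize(events)
    for ip, n in summary["per_client"].most_common():
        print(f"per-client limit hit {n}x by {ip}")
    for (dip, dport), n in summary["aggregate"].items():
        print(f"class-wide limit hit {n}x for {dip}:{dport}")
```

Point the script at `logging trap informational` output collected by your syslog server; severity 3 is enough for the 2010xx messages themselves, but the surrounding 302013/302014 connection built/teardown records are level 6 if you also want to correlate legitimate traffic.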
