Cisco Support Community
New Member

Limit the number of new connection/sec?

Hello,

I have a PIX 525 with several VLANs. Some are public, others are private (NAT) networks. I'm having problems with my ISP dropping the connection because some of my clients are opening too many new connections/sec. Can the PIX throttle these connections? Or just set a max limit for connections to the outside per client? I don't want to set any kind of limit on the local connections. The PIX is in routed mode and is the center of the network (the network is some kind of a star), so all the routing is done on the PIX.

Thanks for any kind of help,

Regards.

2 REPLIES

Re: Limit the number of new connection/sec?

You can limit the max connections from a host or subnet in your nat (paired with global) config, as follows:

nat (real_ifc) nat_id real_ip [mask [dns] [outside] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns] [norandomseq]]

The 'tcp tcp_max_conns' or 'udp tcp_max_conns' will set the maximum number of simultaneous TCP connections for the entire subnet.

hostname(config)# global (outside) 1 209.165.201.1-209.165.201.30

hostname(config)# nat (inside) 1 10.1.1.0 255.255.255.0 1000 0

where 1000 is the max number of tcp/udp connections that can be initiated from 10.1.10 to the internet

Refer to the following link for more detail:

http://www.cisco.com/en/US/customer/products/ps6120/products_command_reference_chapter09186a008063f0f7.html#wp1652607

HTH

AK

New Member

Re: Limit the number of new connection/sec?

Doesn't that config limit the connections for the whole subnet? If I limit the connections to 1000, and I have 10 clients, with that config it is possible for 1 client to have 900 conns and all the others just 100. Or am I wrong?
