New Member

Limiting number of connections

Hi All,

Is there any feature in the PIX firewall that limits the number of connections to a given host?

thanks

Jean

4 REPLIES
New Member

Re: Limiting number of connections

There are 2 ways you can do this.

If you are using static NAT then there are options that you add:

static (inside,outside) 1.1.1.1 2.2.2.2 70 50

= 70 Max connections and 50 embryonic

The more recent way is via policy:

class-map MYCLASS
 match any
policy-map MYPOL
 class MYCLASS
  set connection {conn-max number | embryonic-conn-max number | per-client-embryonic-max number | per-client-max number | random-sequence-number {enable | disable}}
  set connection timeout {tcp [reset]] [half-close ] [embryonic ] [dcd [ [max-retries]]]}
service-policy MYPOL interface outside
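
An added example, not part of the original reply or of Cisco's documentation: the policy above narrowed from `match any` to a single host, as the question asks. The names LIMIT_HOST and LIMIT_HOST_CLASS are hypothetical, the addresses and the 70/50 limits reuse the values from the static example, and matching the mapped address 1.1.1.1 on the outside interface is an assumption to confirm on your software version.

```cisco
! Added example (PIX/ASA 7.x Modular Policy Framework).
! Assumption: traffic arriving on the outside interface is matched
! against the mapped address 1.1.1.1 from the static example above.
access-list LIMIT_HOST extended permit tcp any host 1.1.1.1

! Classify only traffic to that host instead of "match any",
! so the limits do not apply to every flow through the interface.
class-map LIMIT_HOST_CLASS
 match access-list LIMIT_HOST

! 70 total connections, 50 embryonic connections,
! the same values as in the static example.
policy-map MYPOL
 class LIMIT_HOST_CLASS
  set connection conn-max 70 embryonic-conn-max 50

! Apply the policy to traffic entering the outside interface.
service-policy MYPOL interface outside

! Check that the class is attached and see its connection counters.
show service-policy interface outside
```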

Cisco Employee

Re: Limiting number of connections

You mentioned PIX, so make sure it runs 7.x, as MPF is supported only from 7.x onwards.

New Member

Re: Limiting number of connections

But what's the difference between the max connection parameter and the embryonic value?

Cisco Employee

Re: Limiting number of connections
