New Member

Max conns and embryonic conns

I hate to drag this up and it is definitely an "it depends" question, but I want to configure the max/embryonic conn information for the ASA5550 that I just purchased and unfortunately, I have no starting reference point for these settings. This box will be replacing a PIX 520; can I figure out good historical information from that? The servers that this box will be protecting are your basic Service Provider boxes, running web pages, FTP, mail, DNS. I know that it also matters what the horsepower on the servers is, but given a 40k subscriber customer base and good up-to-date Sun servers, is there a good rule of thumb, and how do I know if I'm off and need adjusting? Thanks for any advice, I would hate to leave them 0 0, like I always have.

Travis

3 REPLIES
New Member

Re: Max conns and embryonic conns

Hi Travis,

You should read this:

http://www.tech-mavens.com/synflood.htm

However I have a Cisco FWSM1 module and I set embryonic limit to 120 per NAT pool and per static.

Re: Max conns and embryonic conns

Hi Travis, go over the beginning of this link as well as under configuring connection limits and timeouts.

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/protect.html#wp1053110

HTH

Jorge

Gold

Re: Max conns and embryonic conns

Ask your server guys for what kinds of traffic they see. Hopefully, they have some sort of traffic statistics that they probably use for capacity planning.
