Cisco Support Community
New Member

Rate based shun on Cisco Pix

Hi,

I have a client with a requirement to shun or block traffic from source IPs based on the rate of connections.

So if the Pix were to see 10 SSH connections from the same source IP in a certain period, it would block/shun the source IP.

This is version 6 code at the minute, though upgrades are due shortly, but for the minute I would need a version 6 solution.

Thanks in advance for your help

3 REPLIES
Cisco Employee

Re: Rate based shun on Cisco Pix

Not something which is supported on PIX unfortunately.

New Member

Re: Rate based shun on Cisco Pix

Hi halijenn

Thanks for your reply. Is it a feature in newer versions of the OS, do you know, or is it just not a feature at all?

Wondering if your response was based on version 6.

Thanks

Stu

Cisco Employee

Re: Rate based shun on Cisco Pix

The feature is not supported in PIX version 6.x.

In the later version, you can configure "per-client-max" (the maximum number of simultaneous connections allowed per client); however, you can't specify the period of time, unfortunately.

Here is the command if you are interested:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_connlimits.html#wp1080774
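
For readers who cannot follow the link, here is a sketch of how "per-client-max" is applied through a service policy on the later software the reply refers to. It is an added example, not part of the original thread; the access-list, class-map and policy-map names and the interface name `outside` are hypothetical, and the limit of 10 is taken from the question.

```cisco
! Added example (hypothetical names): cap concurrent SSH connections per source IP.
! This limits simultaneous connections only; as the reply notes, no time
! period can be specified, so it is not a rate-based shun.

! Match inbound SSH traffic
access-list SSH-LIMIT extended permit tcp any any eq ssh

class-map SSH-LIMIT-CLASS
 match access-list SSH-LIMIT

! Allow at most 10 simultaneous connections from any single client
policy-map OUTSIDE-CONN-POLICY
 class SSH-LIMIT-CLASS
  set connection per-client-max 10

! Apply the policy to the interface facing the untrusted network
service-policy OUTSIDE-CONN-POLICY interface outside
```

Connections beyond the limit are refused while the client's existing ones remain open; the source IP is not shunned and can connect again as soon as its connection count drops below the limit.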
