Cisco Support Community
New Member

Rate-Limit number of connections from a source

Hi, we currently have an application that customers connect to in order to send bulk SMS messages. Since the application level cannot enforce a maximum number of connections per client, I was wondering if there is a way to do it using PIX 7.x.

For example we may need to enforce that customer X can open 10 connections to application while customer Y can open 5 connections to the application.

2 REPLIES
New Member

Re: Rate-Limit number of connections from a source

Hi again,

I just realised that there is a conn-max command under policy-map for actions....

fw(config-pmap-c)# set connection ?

mpf-policy-map-class mode commands/options:
  advanced-options        Configure advanced connection parameters
  conn-max                Keyword to set the maximum number of all simultaneous
                          connections that are allowed. Default is 0 which
                          means unlimited connections.
  embryonic-conn-max      Keyword to set the maximum number of TCP embryonic
                          connections that are allowed. Default is 0 which
                          means unlimited connections.
  random-sequence-number  Enable/disable TCP sequence number randomization.
                          Default is to enable TCP sequence number
                          randomization
  timeout                 Configure connection timeout parameters

So what I did was create a class-map for each customer and, under the policy-map, set the number of connections.

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/mpc.html
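The per-customer approach described in the reply above, written out as an added example that is not the poster's actual configuration. The customer and server addresses, the TCP port, the object names and the `outside` interface are all assumptions, and the server is assumed to be reachable without address translation.

```cisco
! Added example: all addresses, the port, names and the interface are assumed.
! Customer X = 192.0.2.10, customer Y = 192.0.2.20 (documentation ranges)
! Application server = 198.51.100.25, listening on TCP 2775 (assumed port)
!
! One ACL per customer, matching only that customer's source address
access-list cust_x_conns extended permit tcp host 192.0.2.10 host 198.51.100.25 eq 2775
access-list cust_y_conns extended permit tcp host 192.0.2.20 host 198.51.100.25 eq 2775
!
! One class-map per customer, tied to that customer's ACL
class-map cust_x_class
 match access-list cust_x_conns
class-map cust_y_class
 match access-list cust_y_conns
!
! One policy-map with a separate connection ceiling for each class
policy-map sms_conn_limits
 class cust_x_class
  set connection conn-max 10
 class cust_y_class
  set connection conn-max 5
!
! Apply on the interface where the customers' traffic arrives
service-policy sms_conn_limits interface outside
!
! Check the configured limits and counters afterwards with:
!   show service-policy
```

Because conn-max caps all simultaneous connections matched by a class, each customer needs its own class; a customer connecting from several source addresses shares one ceiling if all of those addresses are listed in the same ACL.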

Silver

Re: Rate-Limit number of connections from a source

access-list tcp_inspection extended permit tcp any any
access-list tcp_inspection extended deny ip any any

class-map my_inspection_tcp
 match access-list tcp_inspection

policy-map global_policy
 class my_inspection_tcp
  set connection embryonic-conn-max 1

service-policy global_policy global

If the above does not work properly, then the second option is Websense authentication.

Define one group on Websense and put in it all the IP addresses used by the customer. Define the max connections for that group.

You can also define on Websense the maximum time of access, the amount of access limit, etc.

Regards,

Dharmesh Purohit
