Community Member

Restricting max connections per local host

We have an ASA 5505 running 8.0. Users connected to the internet through this device report very slow response time. show local-host is showing one particular host with 75+ TCP connections and 50+ UDP connections. We suspect a problem with this machine. The "Intercepting and Responding to Network Attacks" document describes how to set max-conn but it seems to be per interface or global. Is there a way to set max connections per local host?

1 REPLY
Cisco Employee

Re: Restricting max connections per local host

Hi,

With MPF on the ASA, this should be possible. For example:

access-list 100 permit ip host x.x.x.x any
class-map ONEUSER
 match access-list 100
policy-map MAXUSERCONNECTIONS
 class ONEUSER
  set connection per-client-max 10
service-policy MAXUSERCONNECTIONS interface inside

Regards,

Arul

*Pls rate if it helps*
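An added example, not part of the original posts: a short script that reads saved `show local-host` output, flags hosts whose combined TCP and UDP flow count exceeds a threshold, and renders the MPF policy from the reply for those hosts. The sample output is constructed and its line layout is an assumption; the ACL number, class-map and policy-map names are taken from the reply.

```python
import re

# Constructed sample of "show local-host" output. Addresses and counts are made
# up; the line layout is an assumption about what the ASA prints.
SAMPLE = """\
Interface inside: 3 active, 3 maximum active, 0 denied
local host: <192.168.1.10>,
    TCP flow count/limit = 4/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 2/unlimited
local host: <192.168.1.23>,
    TCP flow count/limit = 78/unlimited
    TCP embryonic count to host = 1
    UDP flow count/limit = 53/unlimited
local host: <192.168.1.40>,
    TCP flow count/limit = 7/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 3/unlimited
"""

HOST_RE = re.compile(r"\s*local host: <([^>]+)>")
FLOW_RE = re.compile(r"\s*(TCP|UDP) flow count/limit = (\d+)/")

def parse_local_hosts(text):
    """Return {ip: {"TCP": n, "UDP": n}} from show local-host text."""
    hosts, current = {}, None
    for line in text.splitlines():
        if (m := HOST_RE.match(line)):
            current = hosts.setdefault(m.group(1), {"TCP": 0, "UDP": 0})
        elif (m := FLOW_RE.match(line)) and current is not None:
            current[m.group(1)] = int(m.group(2))
    return hosts

def over_limit(hosts, limit):
    """Hosts whose combined TCP+UDP flow count exceeds the limit."""
    return sorted(ip for ip, c in hosts.items() if c["TCP"] + c["UDP"] > limit)

def mpf_config(ips, limit, acl="100", iface="inside"):
    """Render the reply's MPF policy with one ACL entry per flagged host."""
    if not ips:
        return ""  # nothing flagged, so emit no policy at all
    lines = [f"access-list {acl} permit ip host {ip} any" for ip in ips]
    lines += ["class-map ONEUSER", f" match access-list {acl}",
              "policy-map MAXUSERCONNECTIONS", " class ONEUSER",
              f"  set connection per-client-max {limit}",
              f"service-policy MAXUSERCONNECTIONS interface {iface}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(mpf_config(over_limit(parse_local_hosts(SAMPLE), 10), 10))
```

A host sitting exactly at the threshold (192.168.1.40 in the sample) is not flagged, so only 192.168.1.23 ends up in the generated access list.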
