I don't believe there is a limit as to how many shun entries you can configure, with the exception that you can only have a single shun entry for a given source address. But you may be limited by the CPU performance of your ASA depending on how much traffic is being dropped. So that being said I would try to keep the amount of shunned IPs to a minimum.
Please remember to select a correct answer and rate helpful posts
Please remember to rate and select a correct answer
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...