Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can ASA do Denial of Service Tuning like IOS Firewall ?

refer to my error i need to adjust the open half value on ASA but i only see the command in router only

ip inspect tcp max-incomplete host value (default 50) [block-time minutes(default 0)]

reference

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd804e5098.html

does anyone know is it possible to tuning DoS on ASA?

Thanks in Advance

1 REPLY

Re: Can ASA do Denial of Service Tuning like IOS Firewall ?

You will find this in your Nat(or static) configuration

You can add the TCP keyword and specify tcp max_conns and emb_lim(half open)

rate helpful post

129
Views
0
Helpful
1
Replies
CreatePlease login to create content