Cisco Support Community
Community Member

How to limit concurrent UDP connections PER host...

Is it possible to do this on a per host basis? The problem we are having is that the PIX has too many open UDP connections and then can't open new ones hence affecting other users. Finding the one/ones with thousands on connections and clearing them restores traffic but we were hoping to be able to limit each host to a set number of concurrent UDP connections (TCP as well).

Thanks!

2 REPLIES
Cisco Employee

Re: How to limit concurrent UDP connections PER host...

Hi,

I would suggest checking why you have so many open UDP connections. The default timeout value for an idle UDP connection is 2 min, and the PIX will clear them if they are idle for more than 2 min.

What software version are you running ?

We can limit the max. number of connections for both TCP and UDP; this is configured with NAT.

For example:

This Specifies the maximum number of simultaneous TCP and UDP connections for the entire subnet. The default is 0, which means unlimited connections.

nat (inside) 1 10.1.1.0 255.255.255.0 [max_conn] [emb_conn]

static (inside,outside) x.x.x.x x.x.x.x mask x.x.x.x [max_conn] [emb_conn]

Regards,

Tanveer

Community Member

Re: How to limit concurrent UDP connections PER host...

You could limit the number of connections on a per-host basis using a service-policy.

a) Create an access-list to identify your traffic

access-list udp permit udp any any

b) Create a class map that uses it

class-map UDP-LIMIT

match access-list udp

c) Use the class map in a policy-map

policy-map

class UDP-LIMIT

set connection limit....

d) Apply the policy map to the interface using service-policy, or modify the global policy-map

service-policy <policy-map-name> interface <interface-name>
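The per-host limit sketched in the reply above, written out as a complete configuration. This is an added example, not from the original thread; it assumes PIX/ASA 7.x or later (Modular Policy Framework with the per-client options of set connection), and the class, policy and interface names and the limit values are made up.

```cisco
! Added example (not from the original thread). Assumes PIX/ASA 7.x+ MPF;
! the names UDP-LIMIT, TCP-LIMIT, PER-HOST-LIMITS and the limits are constructed.
!
! Identify the traffic to limit: all UDP and all TCP passing the firewall
access-list UDP-LIMIT extended permit udp any any
access-list TCP-LIMIT extended permit tcp any any
!
class-map UDP-LIMIT
 match access-list UDP-LIMIT
class-map TCP-LIMIT
 match access-list TCP-LIMIT
!
! per-client-max caps the connections of each individual source host, so one
! chatty host hits its own ceiling instead of exhausting the connection table.
! conn-max would instead cap the whole class, like [max_conn] on nat/static.
! per-client-embryonic-max (half-open connections) only applies to TCP.
policy-map PER-HOST-LIMITS
 class UDP-LIMIT
  set connection per-client-max 200
 class TCP-LIMIT
  set connection per-client-max 200 per-client-embryonic-max 50
!
! Apply on the inside interface (or add the classes to global_policy instead)
service-policy PER-HOST-LIMITS interface inside
```

To confirm the policy is matching and to find the host that is over its limit, use show service-policy interface inside and show local-host, which lists the current connection count per host.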
