Cisco Support Community

PIX : Embryonic counters with Access-lists

Hi,

Doing a "conduit" to "access-list" conversion in the PIX, I noticed there was no equivalent to the "embryonic" parameter in the static command:

static (DMZ/Internet) <ip address> <ip address> 0 500

where 500 is the number of half-sessions (embryonic) that can be opened before the PIX reacts. This protects against SYN attacks.

Does anybody know how we can control this parameter in an access-list environment on the PIX?

Thanks !

Steve Saindon

Network Consultant

Interreseau-Conseils Inc.

1 REPLY

Re: PIX : Embryonic counters with Access-lists

Hi,

I don't understand your question well. Sorry.

The number of embryonic sessions is configured as part of the 'static' command (not as part of conduits or ACLs).

So it doesn't make any difference if you are using 'conduits' or 'access-lists'. In both cases (conduits or ACLs) you use the static command to limit the number of embryonic.

Kind Regards,

Tom
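
Added example, not part of either post above: a small Python check that can be run over a PIX configuration after a conduit-to-ACL conversion to confirm that each static still carries an embryonic limit. It assumes the PIX 6.x form `static (real_if,mapped_if) [tcp|udp] mapped_ip [port] real_ip [port] [netmask mask] [max_conns [em_limit]]`, where an omitted or zero em_limit means unlimited; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread); documentation addresses.
SAMPLE_CONFIG = """\
static (dmz,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 500
static (dmz,outside) 192.0.2.11 10.1.1.11 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.12 10.2.2.12
static (dmz,outside) tcp 192.0.2.13 www 10.1.1.13 8080 netmask 255.255.255.255 100 50
access-list acl_out permit tcp any host 192.0.2.10 eq www
access-group acl_out in interface outside
"""

STATIC_RE = re.compile(r"^static\s+\(\s*(\S+?)\s*,\s*(\S+?)\s*\)\s+(.*)$")


def parse_static(line):
    """Parse one 'static' line; return None for any other command."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    tokens = m.group(3).split()
    # Port-redirection form carries: proto mapped_ip mapped_port real_ip real_port
    port_form = bool(tokens) and tokens[0] in ("tcp", "udp")
    skip = 5 if port_form else 2
    if len(tokens) < skip:
        return None
    rest = tokens[skip:]
    if "netmask" in rest:  # drop the 'netmask <mask>' pair
        i = rest.index("netmask")
        del rest[i:i + 2]
    # Remaining integers are max_conns then em_limit; both default to 0 (unlimited).
    limits = [int(t) for t in rest if t.isdigit()]
    return {
        "mapped_ip": tokens[1] if port_form else tokens[0],
        "max_conns": limits[0] if len(limits) > 0 else 0,
        "em_limit": limits[1] if len(limits) > 1 else 0,
    }


def audit(config_text):
    """Return the statics that have no embryonic connection limit."""
    parsed = (parse_static(line) for line in config_text.splitlines())
    return [s for s in parsed if s is not None and s["em_limit"] == 0]


if __name__ == "__main__":
    for s in audit(SAMPLE_CONFIG):
        print("no embryonic limit on static for", s["mapped_ip"])
```

The access-list and access-group lines are ignored by the check, which matches the reply: the limit is read from the static lines only.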
