Cisco Support Community
Community Member

tcp intercept


How does the acl and tcp intercept work if the goal is to intercept several servers individually.

I experienced that if the tcp intercept list (access-list) is configured with a specific network, the intercept seems to accumulate all connections to the servers on this network and starts being aggressive when the max threshold is reached. I thought/did expect that the intercept would look individually at each server within the acl-specified network (i.e. a counter for each server).

Is this a bug (that it accumulates connections for all servers) or is it a matter of how you define the acl?

As my router is on a production network it's a bit difficult for me to do further testing with an acl with host addresses instead of a specific network.

So my question is: If my acl looks like:

access-list permit tcp any host

access-list permit tcp any host

Will the intercept then count connections to each server separately, or will it accumulate/summarize connections for both hosts and start being aggressive when the total connections to both reach the max?


Gert Schaarup

Community Member

Re: tcp intercept

Hi Gert Schaarup,

The intercept will not count the incomplete connections for each server. Instead, it keeps track of the total incomplete connections for ALL the servers. You can read "ip tcp intercept max-incomplete high" in the link.
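To make the behaviour described in the reply concrete, here is an added IOS configuration example (not from the original thread or from Cisco's documentation) that uses the host-style ACL the question asks about. The ACL number and the RFC 5737 documentation addresses are assumptions; the threshold values are the IOS defaults, written out so the aggregate nature of the counters is visible.

```cisco
! Added example (not from the original thread): an extended ACL with one host
! entry per server, bound to TCP intercept. ACL 101 and the 192.0.2.x
! addresses are placeholders chosen for this example.
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any host 192.0.2.20 eq 443
!
! Bind the ACL to TCP intercept. IOS accepts a single intercept list, and the
! thresholds below are global: they are compared against the total number of
! half-open (incomplete) connections across every destination the ACL matches,
! not against a per-host counter. Two host entries therefore behave exactly
! like one network entry covering both servers.
ip tcp intercept list 101
ip tcp intercept mode intercept
!
! Aggressive mode begins when the total half-open count exceeds "high" and
! ends when it falls below "low" (IOS defaults shown).
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
!
! The same aggregate logic applies to the rate of new attempts per minute.
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
!
! In aggressive mode the oldest half-open connection is dropped by default;
! "random" is the alternative.
ip tcp intercept drop-mode oldest
```

Because the counters are aggregate, a burst of half-open connections to 192.0.2.10 alone can push the router into aggressive mode and cause it to start dropping half-open connections destined for 192.0.2.20 as well. `show tcp intercept statistics` reports the global counts that drive the thresholds, and `show tcp intercept connections` lists the individual half-open and established connections, which is the only way on the router itself to see how they are distributed across servers. If genuinely independent thresholds per server are required, they have to come from a separate enforcement point (a per-server firewall or host-level SYN protection) rather than from a second intercept list.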
