This document provides a sample configuration on how to control the maximum number of management sessions to the Cisco ASA.
There are no specific requirements for this document.
Cisco 5500 series Adaptive Security Appliance device running software release 8.0 and later
This section describes the information you need to configure the features described in this document.
This could be achieved using the MPF architecture of Cisco ASA. From Cisco ASA software release 8.0 onwards, the "set connection" option is introduced to control the number of management traffic flows to Cisco ASA. In this document, it is shown on how to specify the maximum number for telnet sessions.
Identify the traffic as telnet and associate this with "class-map type management" command.
Specify the maximum telnet connection limit as one, using the policy-map command.
Apply the actions on the inside interface using the service-policy command.
In the below shown configuration snippet, it is shown on how to use the MPF to limit the number of telnet sessions to only one.
class-map type management MGMT_CMAP
match port tcp eq telnet
set connection conn-max 1
service-policy MGMT_PMAP interface inside
When you try multiple simultaneous telnet sessions to the Cisco ASA, only one session will work fine and the other session will be dropped by Cisco ASA. This could be verified using the following commands.