Support Community,
I've been trying to set up the following commands in my ASA5515 running ver. 9.125 for Duplicat TCP SYN Flood attacks. So I put in the default values that you find in the Cisco documentation but this didnt work for me to well. It slowed the internet down to a crawl and some pages like Cisco.com wouldnt even come up. Going to CNN about a quarter of the graphics would come up. I have an office of 25 people that Im trying to maintain a level of security for. I was wondering if you could direct me in the correct direction, or anybody out there that has enabled this for there network.
Thanks,
John W.
- Configuring the commands to help stop SYN Flood attack or (DOS)
ciscoasa(config)#class-map tcp_syn
ciscoasa(config-cmap)#match port tcp eq 80
ciscoasa(config-cmap)#exit
ciscoasa(config)#policy-map tcpmap
ciscoasa(config-pmap)#class tcp_syn
ciscoasa(config-pmap-c)#set connection conn-max 100
ciscoasa(config-pmap-c)#set connection embryonic-conn-max 200
ciscoasa(config-pmap-c)#set connection per-client-embryonic-max 10
ciscoasa(config-pmap-c)#set connection per-client-max 10
ciscoasa(config-pmap-c)#set connection random-sequence-number enable
ciscoasa(config-pmap-c)#set connection timeout half-closed 0:0:30 embryonic 0:00:30 dcd 0:0:15 5 idle 1:0:0
ciscoasa(config-pmap-c)#set connection timeout tcp 1:0:0
ciscoasa(config-pmap-c)#exit
ciscoasa(config-pmap)#exit
ciscoasa(config)# service-policy tcpmap interface Internet_access
