Monday, February 9, 2009

Configuring Connection Limits on Cisco ASA Firewalls

STEP1: Identify the traffic to apply connection limits using a class map
ASA(config)# access-list CONNS-ACL extended permit ip any 10.1.1.1 255.255.255.255
ASA(config)# class-map CONNS-MAP
ASA(config-cmap)# match access-list CONNS-ACL

STEP2: Add a policy map to set the actions to take on the class map traffic
ASA(config)# policy-map CONNS-POLICY
ASA(config-pmap)# class CONNS-MAP
! The following sets connection number limits
ASA(config-pmap-c)# set connection {[conn-max n] [embryonic-conn-max n] [per-client-embryonic-max n] [per-client-max n] [random-sequence-number {enable | disable}]}
where the conn-max n argument sets the maximum number of simultaneous TCP and/or UDP connections that are allowed, between 0 and 65535.
The embryonic-conn-max n argument sets the maximum number of simultaneous embryonic connections allowed, between 0 and 65535.
The per-client-embryonic-max n argument sets the maximum number of simultaneous embryonic connections allowed per client, between 0 and 65535.
The per-client-max n argument sets the maximum number of simultaneous connections allowed per client, between 0 and 65535.
! The following sets connection timeouts
ASA(config-pmap-c)# set connection timeout {[embryonic hh:mm:ss] [tcp hh:mm:ss [reset]] [half-closed hh:mm:ss] [dcd hh:mm:ss [max_retries]]}

STEP3: Apply the policy on one or more interfaces or globally
ASA(config)# service-policy CONNS-POLICY {global | interface interface_name}
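The three steps above carried through with concrete values, as an added example that is not part of the original post: it protects a single web server from connection exhaustion by capping total and per-client connections and shortening the half-open timeout. The ACL/class/policy names, the server 10.1.1.1 on port 80, the interface name "outside" and every limit value are assumptions chosen for illustration.

```cisco
! Added example: connection limits for one web server behind the ASA
! Step 1: match TCP traffic to the server (names and host are illustrative)
access-list WEB-CONNS-ACL extended permit tcp any host 10.1.1.1 eq 80
class-map WEB-CONNS-MAP
 match access-list WEB-CONNS-ACL
!
! Step 2: limits and timeouts for that class (values chosen for illustration)
policy-map WEB-CONNS-POLICY
 class WEB-CONNS-MAP
  ! at most 5000 established connections to the server in total
  set connection conn-max 5000
  ! at most 1000 half-open (embryonic) connections in total; beyond this
  ! the ASA intercepts the TCP handshake instead of passing SYNs through
  set connection embryonic-conn-max 1000
  ! each client address: at most 100 established and 20 half-open connections
  set connection per-client-max 100
  set connection per-client-embryonic-max 20
  ! keep initial sequence number randomisation on (this is the default)
  set connection random-sequence-number enable
  ! drop half-open connections after 30 s, idle established ones after 1 h
  set connection timeout embryonic 0:00:30
  set connection timeout tcp 1:00:00 reset
  set connection timeout half-closed 0:10:00
!
! Step 3: apply the policy on the outside interface only
service-policy WEB-CONNS-POLICY interface outside
!
! Verification: per-class counters, then the live connection table for the server
show service-policy interface outside
show conn address 10.1.1.1
```

Only one global service policy can exist on an ASA (the default global_policy normally occupies that slot), so attaching a limits policy per interface avoids displacing it. The per-client limits are what protect the server when a flood comes from a few sources, while the total embryonic cap is what matters for spoofed SYN floods.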
