Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 53 Configuring Connection Settings

Configuring Connection Settings

set connection {[conn-max n] [embryonic-conn-max n] [per-client-embryonic-max n] [per-client-max n] [random-sequence-number {enable | disable}]}

Example:

hostname(config-pmap-c)# set connection conn-max 256 random-sequence-number disable

Sets maximum connection limits or whether TCP sequence
randomization is enabled.

The conn-max n argument sets the maximum number of
simultaneous TCP and/or UDP connections that are allowed,
between 0 and 2000000. The default is 0, which allows unlimited
connections.

If two servers are configured to allow simultaneous TCP and/or
UDP connections, the connection limit is applied to each
configured server separately.

When configured under a class, this argument restricts the
maximum number of simultaneous connections that are allowed
for the entire class. In this case, one attack host can consume all
the connections and leave none for the rest of the hosts matched in
the access list under the class.

The embryonic-conn-max n argument sets the maximum number
of simultaneous embryonic connections allowed, between 0 and
2000000. The default is 0, which allows unlimited connections.

The per-client-embryonic-max n argument sets the maximum
number of simultaneous embryonic connections allowed per
client, between 0 and 2000000. The default is 0, which allows
unlimited connections.

The per-client-max n argument sets the maximum number of
simultaneous connections allowed per client, between 0 and
2000000. The default is 0, which allows unlimited connections.
When configured under a class, this argument restricts the
maximum number of simultaneous connections that are allowed
for each host that is matched through an access list under the
class.

The random-sequence-number {enable | disable} keyword
enables or disables TCP sequence number randomization. See the
“TCP Sequence Randomization” section on page 53-3 for
more information.

You can enter this command all on one line (in any order), or you
can enter each attribute as a separate command. The ASA
combines the command into one line in the running configuration.

Note

For management traffic, you can only set the conn-max
and embryonic-conn-max keywords.
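
The limits described above can be checked mechanically in a saved policy-map configuration. The following Python is an added example, not part of the Cisco guide: it parses set connection lines and lists classes that have a class-wide conn-max with no per-client-max (the case where one host can consume the whole class limit), no embryonic limit, or sequence randomization disabled. The sample configuration, the class names WEB_SERVERS and MAIL_SERVERS, and the function names are constructed for illustration.

```python
MAX_LIMIT = 2000000  # upper bound the guide gives for every numeric limit
LIMIT_KEYS = ("conn-max", "embryonic-conn-max",
              "per-client-embryonic-max", "per-client-max")

# Constructed policy-map sample for illustration (not taken from the guide).
SAMPLE_CONFIG = """\
policy-map global_policy
 class WEB_SERVERS
  set connection conn-max 256 random-sequence-number disable
 class MAIL_SERVERS
  set connection conn-max 1000 embryonic-conn-max 200
  set connection per-client-max 50 per-client-embryonic-max 20
"""

def parse_set_connection(config):
    """Return {(policy_map, class_name): settings} from 'set connection' lines."""
    result, pmap, cls = {}, None, None
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:1] == ["policy-map"] and len(tok) > 1:
            pmap, cls = tok[1], None
        elif tok[:1] == ["class"] and len(tok) > 1 and pmap:
            cls = tok[1]
        elif tok[:2] == ["set", "connection"] and cls:
            # Attributes may come in any order or on separate lines: merge them.
            settings = result.setdefault((pmap, cls), {})
            for key, value in zip(tok[2::2], tok[3::2]):
                if key in LIMIT_KEYS:
                    if not 0 <= int(value) <= MAX_LIMIT:
                        raise ValueError(f"{key} {value} outside 0-{MAX_LIMIT}")
                    settings[key] = int(value)
                elif key == "random-sequence-number":
                    settings[key] = value
    return result

def audit(config):
    """List (location, message) review items for each class."""
    findings = []
    for (pmap, cls), s in parse_set_connection(config).items():
        where = f"{pmap}/{cls}"
        # 0 is the default and means unlimited, so it counts as "no limit".
        if s.get("conn-max", 0) and not s.get("per-client-max", 0):
            findings.append((where, "class-wide conn-max with no per-client-max"))
        if not (s.get("embryonic-conn-max", 0) or s.get("per-client-embryonic-max", 0)):
            findings.append((where, "embryonic connections unlimited"))
        if s.get("random-sequence-number") == "disable":
            findings.append((where, "TCP sequence randomization disabled"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports three items for WEB_SERVERS and none for MAIL_SERVERS, which sets all four limits.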
