06-17-2018 07:28 AM - edited 02-21-2020 07:53 AM
Dear experts,
Is one able to rate limit the items below when configuring a security context on an ASA5520?
1) NAT
2) MAC Learning
3) Stateful packet inspections
My understanding is that ASDM session rate, connection rate and syslog message rate are the only options to rate limit. Am I wrong? Your input is much appreciated.
06-17-2018 07:46 AM
Yes to all three - as well as several others you didn't mention.
A complete listing can be found here:
06-17-2018 07:55 AM
Hi Marvin,
Appreciate your prompt response. However, I am a bit confused. The list mentions mac-address and inspect (attached).
mac-address: does it mean the rate limit of MAC address learning per second, or is it only the maximum number of MACs in the MAC table?
inspect: is it only application inspections per second, or is it stateful packet inspection as well? (I don't think these two are the same, are they?)
06-17-2018 08:01 AM
You're welcome.
For mac address it's the latter.
Inspects is (are) application inspections per second.
What's the use case you're looking to address with the answer to these questions?
06-17-2018 08:43 AM
I am preparing for an exam. I came across a question in a discussion forum on which many people are arguing for different answers.
It is asking: Which three resource class limits can be set using a rate limit? (Choose three.)
A. address translation rate
B. Cisco ASDM session rate
C. connections rate
D. MAC-address learning rate (when in transparent mode)
E. syslog messages rate
F. stateful packet inspections rate
06-17-2018 10:19 PM
06-18-2018 07:30 AM
The answer would be c, e, and f.
The reason is because, as indicated in the link I provided earlier, those are the only parameters in that list that are limited by "rate" (vs. by a "concurrent" number).
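The rate versus concurrent distinction discussed in this thread, as an added configuration sketch that is not part of any post above. It is entered in the system execution space of a multiple-context ASA; the class name `exam-lab`, the context name `ctxA` and all numeric values are constructed for illustration.

```cisco
! Added example: class name, context name and values are assumptions.
class exam-lab
  ! Limits expressed per second use the "rate" keyword.
  limit-resource rate conns 1000
  limit-resource rate syslogs 5000
  limit-resource rate inspects 500
  ! Limits without "rate" cap a concurrent count or table size.
  limit-resource conns 10%
  limit-resource xlates 10000
  limit-resource mac-addresses 6500
  limit-resource asdm 5
!
! Bind a context to the class so the limits apply to it.
context ctxA
  member exam-lab
```

`show resource allocation` in the system execution space lists what each class has been assigned.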