Solved: How to configure Limit TCP/UDP Session Using Static rule on ASA 9.1

Bintasan Mokkamakkul · ‎04-27-2014

Hi All,

In ASA 8.0, ASA have function that can specify the maximum number of TCP/UDP connections by using the NAT Static Rule.

like:

static (inside,outside) TCP 209.165.200.15 smtp 172.16.11.15 smtp netmask
    255.255.255.255 TCP 100 50

that can limit maximum TCP/UDP connection, maximum embryonic connections, but I can't find to use this in ASA9.1.

Is it still existing? Or it change to other command that be compatible with NAT object. Please help.

Best Regards,

Bintasan.

Marvin Rhoads · ‎04-28-2014

The ability to limit this per NAT rule was deprecated with the overhaul of NAT functions in ASA 8.3.

Currently we can only limit connections globally or in policy maps using the "set connection" options. Here is a link to the command reference.

Marvin Rhoads · ‎04-28-2014

The ability to limit this per NAT rule was deprecated with the overhaul of NAT functions in ASA 8.3.

Currently we can only limit connections globally or in policy maps using the "set connection" options. Here is a link to the command reference.

Bintasan Mokkamakkul · ‎04-28-2014

Thank you for your answer.

May I ask you if I still must use it to limit the connection or I have other choices that have same result?

I have to use varied limit connection number, so I can't make it in globally.

Do I need to create it with policy map and many access-lists?