Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
590
Views
0
Helpful
1
Replies

PIX : Embryonic counters with Access-lists

steve.saindon
Level 1
Level 1

‎12-18-2002 09:59 AM - edited ‎02-20-2020 10:26 PM

Hi,

Doing a "conduit" to "access-list" conversion in the PIX, I noticed there were no equivalent to the "embryonic" parameter in the static command :

static (DMZ/Internet) <ip address> <ip address> 0 500

where 500 is the number of half-sessions (embryonic) that can be a opened before the PIX reacts. This protects agains Syn attacks.

Anybody knows how we can control this parameter in an Access-list environment on the PIX ?

Thanks !

Steve Saindon

Network Consultant

Interreseau-Conseils Inc.

0 Helpful
1 Reply 1

tvanginneken
Level 4
Level 4

‎12-18-2002 03:09 PM

Hi,

I don't understand your question well. Sorry.

The number of embryonic sessions is configured as part of the 'static' command (not as part of conduits or ACLs).

So it doesn't make any difference if your are using 'conduits' or 'access-lists'. In both cases (conduits or acls) you use the static command to limit the number of embryonic.

Kind Regards,

Tom

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card