Solved: PIX -Limiting embrionic & total connections from the INSIDE to OUTSIDE.

sheidelbach · ‎12-10-2003

It's way possible and straight forward to limit the number of embrionic and total connections though a PIX from the outside to the inside using the parms in the NAT and STATIC commands.

But is is possible to limit the embrionic and total connections from a host on the INSIDE of the PIX making connections to the outside?

gfullage · ‎12-11-2003

You would do this the exact same way. Let's assume the inside host is 10.1.1.1.

Keep in mind that if you have the following:

static (inside,outside) 50.50.50.50 10.1.1.1 netmask 255.255.255.255 1000 25

then this creates a static for the inside host 10.1.1.1, and will limit connections to OR FROM this host to 1000.

If you don't want to chew up a static (and an external address) for this inside host, you can do something like the following:

global (outside) 20 interface

nat (inside) 20 10.1.1.1 1000 25

and outbound connections from this host will be PAT'd to the outside interface address, but will be limited to 1000 connections or 25 half-open.

View solution in original post

gfullage · ‎12-11-2003