07-02-2012 08:08 AM - edited 03-11-2019 04:25 PM
I am running a Cisco ASA 5550 in active/standby mode. We are currently running ASA OS v8.2(3)5. I am wondering if there is a way I could limit source IP concurrent connections coming in my outside interface. Does the ASA have a feature/ACL syntax that supports this?
07-02-2012 08:55 AM
Hello,
You can try this with an MPF, creating an ACL to match the traffic, creating a class-map to match the ACL, then a policy-map to set the class-map with the feature conn-max, and placing the policy-map on the outside interface.
Here is a configuration example:
access-list test permit ip host X.X.X.X host Y.Y.Y.Y
class-map test
 match access-list test
policy-map test
 class test
  ! <0-65535>: the maximum number of simultaneous connections
  set connection conn-max <0-65535>
service-policy test interface outside
Let me know if this works for you.
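Added example, not part of the original reply: the same MPF layout filled in with constructed values, showing `conn-max` (a ceiling for the whole class) next to `per-client-max` (a ceiling for each source IP matched by the class), which is the per-source limit the question asks about. The names OUTSIDE-IN-LIMIT and OUTSIDE-POLICY, the address 192.0.2.10, port 443 and the limits 2000 and 50 are assumptions chosen for illustration.

```cisco
! Constructed example: names, address, port and limits are placeholders.
! Match inbound TCP traffic to one published server
! (192.0.2.10 is a documentation address, not a real host).
access-list OUTSIDE-IN-LIMIT extended permit tcp any host 192.0.2.10 eq 443
!
class-map OUTSIDE-IN-LIMIT
 match access-list OUTSIDE-IN-LIMIT
!
policy-map OUTSIDE-POLICY
 class OUTSIDE-IN-LIMIT
  ! conn-max       = total simultaneous connections allowed for the class;
  !                  on its own, one busy source can use up the whole budget.
  ! per-client-max = simultaneous connections allowed per source IP.
  set connection conn-max 2000 per-client-max 50
!
! An interface accepts only one service-policy. If the outside interface
! already has one, add the class to that existing policy-map instead.
service-policy OUTSIDE-POLICY interface outside
!
! Verification after applying:
show service-policy interface outside
show conn count
```

Pick the limits from observed normal peaks for the matched traffic, since sources that sit behind a shared NAT address count as a single client.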
07-10-2012 09:33 AM
Hello
Was this helpful for you?
Regards