what is Idle embryonic-conn-max NAT limit ?

Akbar ali Sultan · ‎06-21-2016

can somebody please tell me this single command is enough for Nat limit what value should i set for conn max and embryonic conn max.

set connection conn-max 600 embryonic-conn-max 50

Aditya Ganjoo · ‎06-21-2016

Hi Akbar,

This command would be used to limit the connections on the ASA for the TCP/UDP traffic:

set connection conn-max 600 embryonic-conn-max 50

where the conn-max 600 argument sets the maximum number of simultaneous TCP and/or UDP connections that are allowed, between 0 and 65535. The default is 0, which allows unlimited connections.

More info is enabled on this link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/conns_connlimits.html

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Akbar ali Sultan · ‎06-21-2016

Thank you Aditya but i want to know the idle value for limiting max connection, 600 and 50 is enough for limit connection or i have to increase it ?

Aditya Ganjoo · ‎06-21-2016

Hi Akbar,

It depends on the number of connections in your network.

You need to check what is suited best to your network.

You need to remember that this number would decide the connections through the box.

So if you put in the number as x, that means any x+1 connection would be dropped even if it's a legitimate traffic.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Akbar ali Sultan · ‎08-10-2016

suppose if i have 50 client what will be the value