This document provides a sample configuration that limits the maximum number of management sessions to the Cisco ASA.
There are no specific requirements for this document.
This configuration applies to Cisco 5500 series Adaptive Security Appliance devices running software release 8.0 and later.
This section describes the information you need to configure the features described in this document.
This can be achieved with the Modular Policy Framework (MPF) of the Cisco ASA. Cisco ASA software release 8.0 introduced the "set connection" option, which controls the number of management traffic flows to the Cisco ASA. This document shows how to specify the maximum number of telnet sessions.
Identify the traffic as telnet with the "class-map type management" command.
Specify a maximum telnet connection limit of one with the policy-map command.
Apply the actions on the inside interface with the service-policy command.
The following configuration snippet uses MPF to limit the number of telnet sessions to only one.
class-map type management MGMT_CMAP
 match port tcp eq telnet
policy-map MGMT_PMAP
 class MGMT_CMAP
  set connection conn-max 1
service-policy MGMT_PMAP interface inside
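An added example, not part of the original Cisco document: a Python check that parses a saved ASA configuration and reports, for each management class-map applied through a service-policy, the conn-max limit in effect. The function name audit_mgmt_limits and the embedded sample configuration are constructed for illustration, and conn-max 0 is treated as unlimited.

```python
import re

# Constructed sample: the configuration fragment described on this page.
SAMPLE_CONFIG = """\
class-map type management MGMT_CMAP
 match port tcp eq telnet
policy-map MGMT_PMAP
 class MGMT_CMAP
  set connection conn-max 1
service-policy MGMT_PMAP interface inside
"""

def audit_mgmt_limits(config):
    """Return {(interface, class_map, match): conn_max or None} for every
    management class-map reachable through an applied service-policy."""
    mgmt = {}       # management class-map name -> list of match criteria
    policies = {}   # policy-map name -> {class name: conn-max or None}
    applied = []    # (policy-map name, interface name or "global")
    cmap = pmap = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level command closes any open block
            cmap = pmap = cls = None
        if m := re.fullmatch(r"class-map type management (\S+)", line):
            cmap = m[1]
            mgmt[cmap] = []
        elif cmap and line.startswith("match "):
            mgmt[cmap].append(line[len("match "):])
        elif m := re.fullmatch(r"policy-map (\S+)", line):
            pmap = m[1]
            policies[pmap] = {}
        elif pmap and (m := re.fullmatch(r"class (\S+)", line)):
            cls = m[1]
            policies[pmap][cls] = None
        elif pmap and cls and (m := re.search(r"set connection .*\bconn-max (\d+)", line)):
            policies[pmap][cls] = int(m[1]) or None   # conn-max 0 means unlimited
        elif m := re.fullmatch(r"service-policy (\S+) (?:interface (\S+)|global)", line):
            applied.append((m[1], m[2] or "global"))
    report = {}
    for pname, iface in applied:
        for cname, limit in policies.get(pname, {}).items():
            for match in mgmt.get(cname, []):
                report[(iface, cname, match)] = limit
    return report

if __name__ == "__main__":
    for (iface, cname, match), limit in audit_mgmt_limits(SAMPLE_CONFIG).items():
        status = f"limited to {limit}" if limit is not None else "NO LIMIT"
        print(f"{iface}: {cname} ({match}) {status}")
```

A management class-map that never appears in the report is defined but not applied to any interface, so its limit is not enforced.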
When you attempt multiple simultaneous telnet sessions to the Cisco ASA, only one session is established and the Cisco ASA drops the other session. This can be verified using the following commands.