Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi, does the IOS compress payload (maybe using IPPCP), without VPN module nor compress module? Which is aprox the compression rate?I have found the following doc (http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080...
Hello, I'm limiting the number of embryonic conections in my PIX v6.3(4) with the static command, and I have some doubs.- How can I see the number of SYN that the PIX it's proxing, when is threshold reached? The "show local-host" command doesn't sho...
So, if I have a router without a VPN module nor compress module, it will compress the VPN payload automatically? I have a 3620 router (without any module) with IOS 12.3(6), and with a lot of VPN tunnels established. When I run the command "sh crypt...
I will try to answer my own question:- The only problem that has the use of embryonic limits, beside the firewall performance (the security is his job :-), it's the delay added to the establishment of new connections when the limit is surpassed.- The...
So, do you think a value of 1 in the emb limit is a good value?Another question: I made some test with a PIX configured with a static emb limit, and found that the "TCP embryonic count" (in the output of "show local-host" command) shows the number o...
I think the PIX doesn't block connections when I configure embryonic limit. What it do is intercept TCP SYN packets, allowing only legitims connections between clients and servers.So, what is the disadvantage in configure embryonic limit? A perform...
