UDP Connection Limit Cisco Pix using static command

Discussion in 'Cisco' started by arplabs, Feb 23, 2006.

  1. arplabs

    arplabs Guest

    Hi there,

    I am trying to limit UDP connections initiated from a higher level sec
    int to a lower level sec int, aka my internal users to the internet.

    I'm using static mapping as so:
    static (inside,outside) x.24.110.26 192.168.1.110 netmask
    255.255.255.255 50 10

    Thing is I can't seem to get the UDP connection limit emphasized. I do
    get the TCP limit working as it shows bellow but no luck for UDP.
    I'm aware UDP is connectionless but the cisco docs for the static
    command clearly says:
    "Specifies the maximum number of simultaneous TCP and UDP connections
    for the entire subnet"

    Could anyone shed some light on this?
    Using a Cisco PIX Firewall 506 Unlimited License OS Version 6.3(5)
    I appreciate it.

    Aless
    Gsurfnet

    pix6# sh local-host 192.168.1.110
    Interface inside: 345 active, 404 maximum active, 0 denied
    local host: <192.168.1.110>,
    TCP connection count/limit = 50/50
    TCP embryonic count = 2
    TCP intercept watermark = 10
    UDP connection count/limit = 342/unlimited
    AAA:
    Xlate(s):
    Global x.24.110.26 Local 192.168.1.110
     
    arplabs, Feb 23, 2006
    #1

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. PIX and STATIC command issues

  2. udp (0) -> udp (0) traffic ?

  3. Static command on cisco PIX Firewall

  4. PIX public/24 ip static mapping means 256 times interfaces static maps?

  5. PIX public/24 ip static mapping means 256 times interfaces static maps?

  6. UDP threads on a Cisco Pix 506 ver 6.3 - How to place a limit on that?

  7. udp traffic not passing over vpnclient connection to pix ASA 7.2

  8. Pix 506e w/5 static outside IPs - How to create a rule to allow ALL tcp/udp traffic from one outside

Loading...