Cisco Catalyst 6500 Series Configuration Manual page 117

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Chapter 6
Configuring Basic Settings
Configuring Connection Limits for Non-NAT Configurations
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01, page 6-11

To set connection limits for the inside interface (transparent mode) or for any same security interface, enter the following command:

FWSM/contexta(config)# static (inside_interface,outside_interface) local_ip_address local_ip_address netmask mask [norandomseq] [[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns]

Enter the same IP address for both local_ip_address options.

Set one or more of the following options:

norandomseq—No TCP Initial Sequence Number (ISN) randomization. Only use this option if another in-line firewall is also randomizing sequence numbers and the result is scrambling the data. See the "Security Level Overview" section on page 6-6 for information about TCP sequence numbers.

tcp tcp_max_conns, udp udp_max_conns—The maximum number of simultaneous TCP and/or UDP connections for the entire subnet, up to 65,536. The default is 0 for both protocols, which means the maximum number of connections.

emb_limit—The maximum number of embryonic connections per host, up to 65,536. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. This limit enables the TCP Intercept feature. (See the "Other Protection Features" section on page 1-6 for more information.) The default is 0, which means the maximum embryonic connections. You must enter tcp tcp_max_conns before you enter emb_limit. If you want to use the default value for tcp_max_conns but change emb_limit, enter 0 for tcp_max_conns.

For example, to set options for the host 10.1.1.1, enter the following command:

FWSM/contexta(config)# static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255 norandomseq tcp 1000 200 udp 1000
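
One way to audit existing static lines against the options described on this page, as an added example that is not part of the Cisco guide. The functions parse_static and audit, the finding texts and the sample lines are constructed for illustration, and only the same-address command form shown here is handled.

```python
import re

# Only the identity "static" form documented on this page is recognised.
STATIC_RE = re.compile(
    r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+) netmask (\S+)(.*)$")
MAX_LIMIT = 65536  # upper bound given on this page for every limit

def parse_static(line):
    """Parse one static line; None if it is not the same-address form."""
    m = STATIC_RE.match(line.strip())
    if not m or m.group(3) != m.group(4):
        return None
    cfg = {"host": m.group(3), "norandomseq": False, "tcp": 0, "emb": 0, "udp": 0}
    tokens = m.group(6).split()
    if tokens and tokens[0] == "norandomseq":
        cfg["norandomseq"] = True
        tokens.pop(0)
    if tokens and tokens[0] == "tcp":      # the tcp keyword itself is optional
        tokens.pop(0)
    for key in ("tcp", "emb"):             # tcp_max_conns must precede emb_limit
        if tokens and tokens[0].isdigit():
            cfg[key] = int(tokens.pop(0))
    if len(tokens) == 2 and tokens[0] == "udp" and tokens[1].isdigit():
        cfg["udp"] = int(tokens[1])
        tokens = []
    if tokens or max(cfg["tcp"], cfg["emb"], cfg["udp"]) > MAX_LIMIT:
        raise ValueError("unrecognised or out-of-range options: " + line.strip())
    return cfg

def audit(config_text):
    """Return (host, finding) pairs for settings that leave a limit at its default."""
    findings = []
    for cfg in filter(None, map(parse_static, config_text.splitlines())):
        if cfg["norandomseq"]:
            findings.append((cfg["host"], "TCP ISN randomization disabled"))
        if cfg["emb"] == 0:
            findings.append((cfg["host"], "emb_limit is 0: no embryonic limit set"))
        for proto in ("tcp", "udp"):
            if cfg[proto] == 0:
                findings.append((cfg["host"], proto + " connection limit is 0 (maximum)"))
    return findings

# Constructed sample configuration; the first line is the example from this page.
SAMPLE = """\
static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255 norandomseq tcp 1000 200 udp 1000
static (inside,outside) 10.1.1.2 10.1.1.2 netmask 255.255.255.255 tcp 0 50
static (inside,outside) 10.1.1.3 10.1.1.3 netmask 255.255.255.255
"""
```

Calling audit(SAMPLE) reports the norandomseq host, the host whose TCP and UDP limits were left at 0, and the host with no limits at all.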


This manual is also suitable for:

7600 series
