Class Maps and Policy Maps on ASA

AXISHK asked
Last Modified: 2012-05-08
How should the access-list and policy map be set up on the ASA so as to limit users from spawning hundreds of connections from their P2P clients?

Thanks
Top Expert 2010

Commented:

Author

Commented:
Thanks,
Is there a way to restrict only the UDP connections per user, as per-client-max only sets the no. of connections for TCP + UDP, correct?

How does the ASA know a unique client? Does it identify each client by IP address?

Thanks
Top Expert 2010

Commented:
It is identified by IP.  

[Conn-max n] would set total UDP connections, where [per-client-max] sets total connections per client, TCP and UDP....

I suppose the best way would be to define an ACL that only matches UDP traffic....  

Following the example:
ASA(config)# access-list CONNS-ACL extended permit udp any 10.1.1.1 255.255.255.255
ASA(config)# class-map CONNS-MAP
ASA(config-cmap)# match access-list CONNS-ACL

Then create the per-client-max for total connections, which should only limit UDP since it was all that was matched in the ACL...

Sounds like it should work in theory....
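
The steps described in the comment above, assembled into one configuration as an added example that is not part of the original thread. CONNS-ACL, CONNS-MAP and the 10.1.1.1 match come from the comment; the policy-map name CONNS-POLICY, the interface name inside and the limit of 50 (the figure used in the follow-up question) are assumptions.

```cisco
! Added example, not from the original thread.
! Assumed names/values: CONNS-POLICY, interface "inside", limit 50.

! 1. Match UDP only, so TCP connections are not counted against the limit.
access-list CONNS-ACL extended permit udp any 10.1.1.1 255.255.255.255

! 2. Class map that selects traffic using the ACL.
class-map CONNS-MAP
 match access-list CONNS-ACL

! 3. Policy map that applies the per-client limit to that class.
!    Because the class matches UDP only, the limit applies to UDP only.
policy-map CONNS-POLICY
 class CONNS-MAP
  set connection per-client-max 50

! 4. Attach the policy to the interface facing the clients.
service-policy CONNS-POLICY interface inside

! Verification from privileged EXEC:
!   show service-policy interface inside
!   show conn count
```

Only one service policy can be attached to an interface, so if the interface already has one, add the CONNS-MAP class to that existing policy map instead of creating a new one.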

Author

Commented:
Thanks, it seems to work.

One more question: suppose that the current max connection of 50 has been reached and there is a new UDP connection, will the ASA drop it, or replace the longest one in the conn table with it?

So when will the UDP connection time out? Is there a way to control that?

Thanks
Top Expert 2010
Commented: