Hi Piotr,

Thanks for your clarification. It seems the Cisco IOS firewall considers any unidirectional UDP communication to be a UDP half-open session. Is that not right? I was reading in the command reference about what the Cisco IOS firewall treats as a UDP half-open session. Kindly correct me.

Thanks
Regards
Anantha Subramanian Natarajan

On Tue, Jan 25, 2011 at 11:48 AM, Piotr Matusiak <[email protected]> wrote:

> Anantha,
>
> UDP is connectionless, so no half-open connections exist.
>
> Regards,
> Piotr
>
> 2011/1/25 Anantha Subramanian Natarajan <[email protected]>
>
>> Hi All,
>>
>> I was going through the Cisco IOS Firewall feature (CBAC) and understood that there is a global command "ip inspect tcp max-incomplete host value" to delete half-open sessions whenever the number of half-open sessions to the specified destination host address rises above a threshold. I am trying to understand whether a similar command exists for UDP and, if not, whether there is any specific technical reason why this command wouldn't be possible for UDP.
>>
>> Thanks for the great help
>>
>> Regards
>> Anantha Subramanian Natarajan
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
