The following will take care of both TCP and UDP half connections. But for per host, I think it's only possible for TCP. Maybe it's because TCP is very susceptible to DoS attacks.

ip inspec max-incomplete
ip inspec one-minute

With regards
Kings

On Tue, Jan 25, 2011 at 9:18 PM, Anantha Subramanian Natarajan <[email protected]> wrote:

> Hi All,
>
> I was going through the Cisco IOS Firewall Feature (CBAC) and understood
> that there is a global command "ip inspect tcp max-incomplete host value" to
> delete half-open sessions whenever the number of half-open sessions to the
> specified destination host address rises above a threshold. I am trying to
> understand whether a similar command exists for UDP and, if not, any specific
> technical reason why this command wouldn't be possible for UDP.
>
> Thanks for the great help
>
> Regards
> Anantha Subramanian Natarajan
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
