My goal is to limit the number of UDP threads (state info) for each one of my inside users. Since the only way to limit the number of simultaneous connections on the PIX is through the static command, I have created static mappings for each one of my users. Routable IP addresses aren't an issue here 'cause I got plenty. With the nat command, the implied connection limits will be for the whole subnet and not for individual hosts in that subnet. Changing the global timeout values won't solve my problem. Users with P2P software are killing me with over 250 UDP entries each..... PLEASE HELP!!!!
I've read that ver 7.0 does accept udp_max_conns in its syntax but unfortunately, Pix 506 won't do ver 7.0
Using a Cisco PIX Firewall 506 Unlimited License OS Version 6.3(5) Relevant conf lines: sh global global (outside) 1 x.24.110.11
sh nat nat (inside) 1 192.168.1.0 255.255.255.0 0 0
sh static static (inside,outside) x.24.110.28 192.168.1.35 netmask
255.255.255.255 50 10