Cisco ASA 5555-X Adaptive Security Appliance Technical Manual

XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(5)
ASA Configuration
Note
You must preconfigure the utility interface on the ASA using the nameif management-utility command.
dns domain-lookup management-utility
dns server-group DefaultDNS
 name-server 1.1.1.1
 domain-name testDomain
XML Example
<polUni>
    <fvTenant name="tenant1">
        <vnsLDevVip name="Firewall">
            <vnsDevFolder key="DNS" name="DNS">
                <vnsDevParam key="domain_name" name="domain_name" value="testDomain"/>
                <vnsDevParam key="name_server" name="name_server" value="1.1.1.1"/>
            </vnsDevFolder>
        </vnsLDevVip>
    </fvTenant>
</polUni>
Connection Limits
This XML example shows connection limits associated with interfaces (global connection limits are not supported). It matches any traffic and sets the maximum number of connections that are allowed. Connection limits on the internal and external interfaces are also included.
ASA Configuration
class-map connlimits_internalIf
 match any
policy-map internalIf
 class connlimits_internalIf
  set connection conn-max 654 embryonic-conn-max 456 
service-policy internalIf interface internalIf
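The following added example is not from the Cisco document or the device package. It parses an ASA configuration like the one above, returns the connection limits bound to each interface, and separately returns limits that sit in a policy map applied with `service-policy ... global`, the case the text above says is not supported. The function name and the `global_policy` lines in the sample are constructed for illustration.

```python
import re

# Constructed sample: the ASA configuration shown above, followed by a
# constructed global policy that the device package cannot express.
SAMPLE_CONFIG = """\
class-map connlimits_internalIf
 match any
policy-map internalIf
 class connlimits_internalIf
  set connection conn-max 654 embryonic-conn-max 456
service-policy internalIf interface internalIf
policy-map global_policy
 class connlimits_internalIf
  set connection conn-max 1000
service-policy global_policy global
"""

LIMIT_RE = re.compile(r"(?<![\w-])(embryonic-conn-max|conn-max)\s+(\d+)")


def parse_connection_limits(config):
    """Return (limits per interface, limits in globally applied policy maps)."""
    policy_limits = {}  # policy-map name -> {class name: {limit: value}}
    iface_bindings, global_bindings = [], []
    policy = cls = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):
            policy = cls = None  # any top-level command closes the policy-map
        if words[0] == "policy-map" and len(words) >= 2:
            policy = words[1]
            policy_limits.setdefault(policy, {})
        elif words[0] == "class" and policy and len(words) >= 2:
            cls = words[1]
        elif words[:2] == ["set", "connection"] and policy and cls:
            found = {key: int(val) for key, val in LIMIT_RE.findall(raw)}
            policy_limits[policy].setdefault(cls, {}).update(found)
        elif words[0] == "service-policy" and len(words) >= 3:
            if words[2] == "interface" and len(words) >= 4:
                iface_bindings.append((words[3], words[1]))
            elif words[2] == "global":
                global_bindings.append(words[1])
    per_interface = {i: policy_limits.get(p, {}) for i, p in iface_bindings}
    global_limits = {p: policy_limits[p] for p in global_bindings
                     if any(policy_limits.get(p, {}).values())}
    return per_interface, global_limits
```

Service-policy bindings are resolved after the whole configuration has been read, so the result does not depend on the order in which policy maps and bindings appear.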
XML Example
<polUni>
    <fvTenant name="tenant1">
        <vnsAbsGraph name = "WebGraph">
            <vnsAbsNode name = "FW1">
                <vnsAbsDevCfg>
                  <vnsAbsFolder key="Interface" name="internalIf">
                       <vnsAbsFolder key="ServicePolicy" name="ConLim-Policy">
                            <vnsAbsParam key="ServicePolicyState" name="PolicyState" value="enable"/>
                            <vnsAbsFolder key="ConnectionLimits" name="ConnLim">