%TCP-2-TCP_MAXESTABLISHED: Possible TCP ACK attack. Maximum established
The system counts the number of simultaneous open connections in SYN or EST states. When The count has exceeded the threshold, the system believes it is under a denial of service attack and this syslog message appears.
Recommended Action: Close traffic on the management port and determine the source of the denial of service attack.
The TCP-2-TCP_MAXESTABLISHED system message may appear during simultaneous webauth authentication with a large number of hosts.
This problem is resolved in software release 8.6(1). (CSCsf14780)