Most of the time everything works fine on the firewall and all the required traffic is passing through the firewall as expected by the configuration.
Sometimes some of the users are not able to a)go online, b)access the servers.
the users facing this issue are able to work with the existing connections but if they try to open a new connection to any servers they fail.
At that time users are not able to go online either. I am able to ping that time but i am not able to telnet.
servers are in one security level and users are in different security level.
If they user remove the lan cable and refix it everthing works normal for that user.
The ''show conn count'' will show you amount of connections at a certain point, you can compare this number to the max. connections that your specific model can handle.
Also, for the servers, they have a limit on the amount of embryonic connections and total connections as well on the STATIC command. (The same applies for dynamic NAT).
If the problem is with the amount of traffic, a temporary solution is to change the timeouts for the XLATEs and connections: ''sh run timeout''
Don't have any logs from the time when the problem happened?
Are you reaching the limit of connections permitted?