ASA Connections counts

Answered Question
Sep 15th, 2010
User Badges:

We have couple routers taht we can get connection information ( like emby. max etc )....similiar to this:



router#show ip inspect statistics
Packet inspection statistics [process switch:fast switch]
tcp packets: [528:22519]
udp packets: [318:0]
Interfaces configured for inspection 1
Session creations since subsystem startup or last reset 766
Current session counts (estab/half-open/terminating) [1:0:0]
Maxever session counts (estab/half-open/terminating) [48:12:5]
Can I get sessions/connection information like this on the asa ( max estab, half-open, termination... ) .  I have a service policy to limit connections:
Set connection policy: per-client-max 40 per-client-embryonic-max 80
But, its not giving me any historical information....Is this possible?
Thanks,
Jason
Correct Answer by praprama about 6 years 9 months ago

Hey,


I don't think that is going to be possible. I suppose it will be asking too much of the ASA to keep in its memory a count of all the conncetions until present considering the number of connections it will be processing.


Regards,

Prapanch

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
jbeltrame Wed, 09/15/2010 - 17:36
User Badges:

Basically, i am looking for more of a historical count so that I can appropriately set the per client connection limits and embryonic limits.  So, since the firewall has been up, there has been max xxx connections per client, and max xxx embryonic connections...  Not sure this is possible though.


Thanks,


Jason

Correct Answer
praprama Wed, 09/15/2010 - 17:44
User Badges:
  • Cisco Employee,

Hey,


I don't think that is going to be possible. I suppose it will be asking too much of the ASA to keep in its memory a count of all the conncetions until present considering the number of connections it will be processing.


Regards,

Prapanch

Federico Coto F... Wed, 09/15/2010 - 17:18
User Badges:
  • Green, 3000 points or more

I guess the

sh service policy

add optional arguments.


Is this what you're looking for?


Federico.

greensubmarine2009 Wed, 09/15/2010 - 19:02
User Badges:

to see the ASA's session counter,use"show resource usage all".



for example:


FW# show resource usage all
Resource              Current         Peak      Limit        Denied Context
SSH                         2            5          5            21 System
Conns                     678         2393      50000             0 System
Xlates                    611         1804        N/A             0 System
Hosts                     500         2204        N/A             0 System
Conns [rate]                2          399        N/A             0 System
Inspects [rate]             1          421        N/A             0 System

jbeltrame Thu, 09/16/2010 - 05:37
User Badges:

i was more looking for DoS tuning parameters:


router#show ip inspect statistics


Maxever session counts (estab/half-open/terminating) [48:12:5]


Thanks,


Jason

Actions

This Discussion