ASA Connections counts

jbeltrame
Level 1

We have a couple of routers that we can get connection information from (like emby., max, etc.), similar to this:

router#show ip inspect statistics
Packet inspection statistics [process switch:fast switch]
tcp packets: [528:22519]
udp packets: [318:0]
Interfaces configured for inspection 1
Session creations since subsystem startup or last reset 766
Current session counts (estab/half-open/terminating) [1:0:0]
Maxever session counts (estab/half-open/terminating) [48:12:5]
Can I get session/connection information like this on the ASA (max estab, half-open, termination...)? I have a service policy to limit connections:
Set connection policy: per-client-max 40 per-client-embryonic-max 80
But it's not giving me any historical information. Is this possible?
Thanks,
Jason

praprama
Cisco Employee

Hey,

A "show local-host" on the ASA will show you these connection counts (embryonic, maximum, etc.). For more details on the command, please refer to:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1447764

Hope this helps!!

Regards,

Prapanch

Basically, I am looking for more of a historical count so that I can appropriately set the per-client connection limits and embryonic limits. So, since the firewall has been up, there have been max xxx connections per client, and max xxx embryonic connections... Not sure this is possible though.

Thanks,

Jason

Hey,

I don't think that is going to be possible. I suppose it will be asking too much of the ASA to keep in its memory a count of all the connections until present, considering the number of connections it will be processing.

Regards,

Prapanch

I guess the

sh service policy

add optional arguments.

Is this what you're looking for?

Federico.

To see the ASA's session counter, use "show resource usage all".

For example:

FW# show resource usage all
Resource              Current         Peak      Limit        Denied Context
SSH                         2            5          5            21 System
Conns                     678         2393      50000             0 System
Xlates                    611         1804        N/A             0 System
Hosts                     500         2204        N/A             0 System
Conns [rate]                2          399        N/A             0 System
Inspects [rate]             1          421        N/A             0 System
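
An added example, not part of the original post: a small Python parser for the "show resource usage all" table shown above, which turns each row into a record and flags resources whose Peak is close to their Limit or that have a non-zero Denied count. The function names and the 80% threshold are assumptions made for illustration; the sample input is the output quoted in the post.

```python
from typing import List, NamedTuple, Optional

# Output copied from the post above.
SAMPLE = """\
FW# show resource usage all
Resource              Current         Peak      Limit        Denied Context
SSH                         2            5          5            21 System
Conns                     678         2393      50000             0 System
Xlates                    611         1804        N/A             0 System
Hosts                     500         2204        N/A             0 System
Conns [rate]                2          399        N/A             0 System
Inspects [rate]             1          421        N/A             0 System
"""

class Usage(NamedTuple):
    resource: str
    current: int
    peak: int
    limit: Optional[int]  # None when the Limit column is not a number (N/A)
    denied: int
    context: str

def parse_resource_usage(text: str) -> List[Usage]:
    """Parse the table; resource names may contain spaces ("Conns [rate]")."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows end with: Current Peak Limit Denied Context.
        # The prompt line, the header and blank lines fail this check.
        if len(fields) < 6 or not fields[-2].isdigit():
            continue
        *name, current, peak, limit, denied, context = fields
        if not (current.isdigit() and peak.isdigit()):
            continue
        rows.append(Usage(" ".join(name), int(current), int(peak),
                          int(limit) if limit.isdigit() else None,
                          int(denied), context))
    return rows

def needs_attention(rows: List[Usage], ratio: float = 0.8) -> List[Usage]:
    """Rows with denials, or whose peak reached `ratio` of a numeric limit."""
    return [r for r in rows
            if r.denied > 0
            or (r.limit is not None and r.peak >= ratio * r.limit)]

if __name__ == "__main__":
    for row in needs_attention(parse_resource_usage(SAMPLE)):
        print(f"{row.resource}: peak {row.peak} of {row.limit}, denied {row.denied}")
```

These figures are system-wide (the Context column reads System), so they show overall headroom rather than the per-client maximums asked about earlier in the thread.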

I was more looking for DoS tuning parameters:

router#show ip inspect statistics

Maxever session counts (estab/half-open/terminating) [48:12:5]

Thanks,

Jason
