Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Abnormally High Number Of Connections and Xlates

Hi All,

I have been noticing high number of connections and translates over the past few days and I go into the cli and do a show conn and there will be what seems to me an awful lot of connections from the same IP to google or other web sites. I am by no means a PIX expert but it seems a little weird to me.

4 REPLIES

Re: Abnormally High Number Of Connections and Xlates

Have you checked the host that owns the address for viruses, malware, etc.?

HTH,

John

HTH, John *** Please rate all useful posts ***
Community Member

Re: Abnormally High Number Of Connections and Xlates

Well I have that underway now but its just troubling how many different ip addresses have multiple connections. I did a little experiment and opened a browser and went to google. I did a search and left it up on the page of search returns. I then went to the pix cli and did a show conn local "my IP". It showed only three entries. There are people with 10 times that many. I have an Enterasys IDS in place as well and I dont see anything hitting a trojan signature or anything so I am just looking for advice of what else to look for. Security is not my specialty yet but I want to learn as much as I can about it and I know you guys are much more well versed in it than I.

Cisco Employee

Re: Abnormally High Number Of Connections and Xlates

Hi,

Below is a URL that has some information on monitoring Pix Firewalls. I would make use of the commands listed in the URL and monitor the pix and make sure that you are not under any attack.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml#showconncount

Regards,

Arul

*Pls rate if it helps*

Community Member

Re: Abnormally High Number Of Connections and Xlates

I think I read this exact page today. I run ASDM as well so I always have it open monitoring connections and bandwidth. So I can see the number of connections all the time. Its just trying to figure out why there are so many. I wish there were a way I could display all connections per IP address but I havent been able to find any tool that will do that.

154
Views
0
Helpful
4
Replies
CreatePlease to create content