Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1797
Views
0
Helpful
2
Replies

ASA connection limit recommendations

Go to solution
jbeltrame
Level 1
Level 1

‎09-16-2010 08:22 AM - last edited on ‎03-25-2019 05:45 PM by Community Manager

I am looking to set appropriate per-client-max and per-client-max-embryonic connections limit.  I have the service policy in place, and can see what gets dropped, but would like better detail, simliar to how you can get it from a router inspect stats:

router#show ip inspect statistics

Maxever session counts (estab/half-open/terminating) [48:12:5]

Any way?

Thanks,

Jason

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
praprama
Cisco Employee
Cisco Employee

‎09-16-2010 08:56 AM

Hi Jason,

The "show local-host" command should help you with this. If you need more detail, you can use this command with the detail keyword. Details of the command are available below:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1447764

There are other opetions available in the command as well which might help you.

Let me know if this helps!!

Regards,

Prapanch

View solution in original post

0 Helpful
2 Replies 2

Go to solution
praprama
Cisco Employee
Cisco Employee

‎09-16-2010 08:56 AM

Hi Jason,

The "show local-host" command should help you with this. If you need more detail, you can use this command with the detail keyword. Details of the command are available below:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1447764

There are other opetions available in the command as well which might help you.

Let me know if this helps!!

Regards,

Prapanch

0 Helpful

Go to solution
jbeltrame
Level 1
Level 1
In response to praprama

‎09-16-2010 10:46 AM

The problem with the local-host command, is that it only shows current status.  It doesn't show the max embryonic connections encountered.  I can get the max connections, though not max encountered per host would be nice, though the sh conn or sh resource usages.  I'd like to be able to get a max embryonic encounted counter.  That would help better in determining what is a good per client embryonic limit.

Thanks,

Jason

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card