Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA connection limit recommendations

I am looking to set appropriate per-client-max and per-client-max-embryonic connections limit.  I have the service policy in place, and can see what gets dropped, but would like better detail, simliar to how you can get it from a router inspect stats:

router#show ip inspect statistics

Maxever session counts (estab/half-open/terminating) [48:12:5]

Any way?

Thanks,

Jason

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA connection limit recommendations

Hi Jason,

The "show local-host" command should help you with this. If you need more detail, you can use this command with the detail keyword. Details of the command are available below:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1447764

There are other opetions available in the command as well which might help you.

Let me know if this helps!!

Regards,

Prapanch

2 REPLIES
Cisco Employee

Re: ASA connection limit recommendations

Hi Jason,

The "show local-host" command should help you with this. If you need more detail, you can use this command with the detail keyword. Details of the command are available below:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s4.html#wp1447764

There are other opetions available in the command as well which might help you.

Let me know if this helps!!

Regards,

Prapanch

New Member

Re: ASA connection limit recommendations

The problem with the local-host command, is that it only shows current status.  It doesn't show the max embryonic connections encountered.  I can get the max connections, though not max encountered per host would be nice, though the sh conn or sh resource usages.  I'd like to be able to get a max embryonic encounted counter.  That would help better in determining what is a good per client embryonic limit.

Thanks,

Jason

1271
Views
0
Helpful
2
Replies
CreatePlease login to create content