Only 10 connections from a.b.c.d, why ASA says, it comes to limit 200/200. Once I close one browser, then I can browse again which means all limit settings work. However, no idea how ASA calculate the total connections for per-client ? We also see quite often like
Connection limit exceeded 10925/60000 for input packet from 220.127.116.11/1141 to A.B.C.207/139 on interface outside. Why only 10925, but it says limit 60000 ha been reached. We have two ASAs in two colo and this issue on both side. Thanks for your help.
The "per-client-max" setting is for all connections initiated from that client and passing through the ASA.
The "conn-max" was traditionally applied to the 'local-host' IP for the server, but with MPF, it will depend on the rest of your policy. However, something seems a miss if you are hitting the limit with only 10925 out of 60000 conns. What version are you running and on what platform?
For the warning related to per-client-max, we can see limit reached like 200/200 even "sh conn address ip" far less than 200. However, for warning related to conn-max, always got something like 10595/60000 and only one rule TCP_SYN has limit set as 60000. Please help. Thanks.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...