New Member

Cisco ASA clarification regarding show local-host

Hi Team,

We are observing that the number of connections through the ASA 5580 keeps increasing, and one fine day it stops sending/receiving traffic.

firewall# show conn count
1900000 in use, 2000008 most used

As per the datasheet of this ASA, the max connections permissible is 2 million (20 lacs), and the output shows that currently 1900000 connections exist and 2 million + 8 connections were most used.

When I run "show local-host | include host|count/limit", below are the outputs showing the hosts with the most connections:

local host: <172.x.x.x>,
    TCP flow count/limit = 35857/unlimited
    TCP embryonic count to host = 25
    UDP flow count/limit = 0/unlimited

local host: <DC01>,
    TCP flow count/limit = 306/unlimited
    TCP embryonic count to host = 8
    UDP flow count/limit = 736807/unlimited

local host: <DC02>,
    TCP flow count/limit = 246/unlimited
    TCP embryonic count to host = 2
    UDP flow count/limit = 582010/unlimited

local host: <172.y.y.y>,
    TCP flow count/limit = 1/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 308412/unlimited

These are the top 4 hosts by connection count. I wonder, should we consider only the TCP flow count, or UDP as well?

4 REPLIES
Cisco Employee

Hi Rajesh,

Both TCP and UDP connections should be counted.

-Mike
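A small triage helper, added here as an example and not code from the thread or from Cisco: it parses the "show local-host" text format quoted in the question and ranks hosts by combined TCP + UDP flow count, since both protocols count against the connection limit. The sample output is constructed from the figures in the question.

```python
# Added example (not from the thread): rank hosts in ASA "show local-host"
# output by combined TCP + UDP flow count, since both count toward the limit.
import re

# Constructed sample modelled on the output quoted in the question.
SAMPLE = """\
local host: <172.x.x.x>,
    TCP flow count/limit = 35857/unlimited
    TCP embryonic count to host = 25
    UDP flow count/limit = 0/unlimited
local host: <DC01>,
    TCP flow count/limit = 306/unlimited
    TCP embryonic count to host = 8
    UDP flow count/limit = 736807/unlimited
"""

HOST_RE = re.compile(r"^local host:\s*<([^>]+)>")
FLOW_RE = re.compile(r"^\s*(TCP|UDP) flow count/limit\s*=\s*(\d+)/")
EMB_RE = re.compile(r"^\s*TCP embryonic count to host\s*=\s*(\d+)")


def parse_local_host(text):
    """Return {host: {"tcp": n, "udp": n, "embryonic": n, "total": n}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            cur = hosts.setdefault(m.group(1), {"tcp": 0, "udp": 0, "embryonic": 0})
        elif cur is not None and (m := FLOW_RE.match(line)):
            cur[m.group(1).lower()] = int(m.group(2))
        elif cur is not None and (m := EMB_RE.match(line)):
            cur["embryonic"] = int(m.group(1))
    for c in hosts.values():
        c["total"] = c["tcp"] + c["udp"]  # both protocols consume conn slots
    return hosts


def top_talkers(text, n=5):
    """Hosts sorted by combined flow count, highest first: [(host, counts), ...]."""
    hosts = parse_local_host(text)
    return sorted(hosts.items(), key=lambda kv: kv[1]["total"], reverse=True)[:n]


if __name__ == "__main__":
    for host, c in top_talkers(SAMPLE):
        print(f"{host:12} total={c['total']:>7} tcp={c['tcp']:>6} "
              f"udp={c['udp']:>7} embryonic={c['embryonic']}")
```

Feed it the full "show local-host" output to see which hosts dominate the count; a host with a very large UDP figure and almost no TCP is the first one to look at.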

New Member

Hi Mike,

Could you please help in identifying the genuine connections? Is there any combination of flags or something to be executed in the show conn command in order to identify the fake or unwanted connections? Is there any way to proceed further?

New Member

Any help?

Super Bronze

Hi,

I have had to deal with a similar problem only 2-3 times, and it was always a "contaminated" computer/server.

In the latest case, a single server in an environment with an ASA5540 was pushing so many connections that it reached the maximum connections for that ASA model (400 000).

First I would start by checking what connections are being formed from the hosts that you listed above. I guess you should usually see some sort of well-known port used for any service that's needed. It might also help if there was someone there who knows exactly what connections your servers etc. are supposed to handle.

How many hosts are there in your network?

What has been the normal trend with the connection count before you ran into this problem?

How did you notice this problem? Connections weren't being formed through the ASA?

What have you done so far regarding this problem?

- Jouni
