Connection limits questions.

laerciotobias
Level 1

Hi all.

I got a crashed 5520 this week and it was showing

<163>Nov 28 2011 11:34:45: %ASA-3-201013: Per-client connection limit exceeded -125/100

What does the negative number tell? I usually see the same numbers, like 100/100, which means the connection limit has been reached.

Also, the box was showing

<163>Nov 28 2011 19:51:17: %ASA-3-210007: LU allocate xlate failed

<161>Nov 28 2011 17:50:44: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface OUTSIDE

From the last 2 log messages, it's showing that the box was out of resources, correct?

Thanks.

Accepted Solutions

Marvin Rhoads
Hall of Fame

The negative numbers reading is caused by a bug. Please see "CSCtl23397 - ASA may log negative values for Per-client conn limit exceeded messg".

The 210007 message is indicating stateful failover is out of resources. See this explanation.

Overall it appears your boxes may be pushing the limit of their capabilities connection-wise. Some further investigation would be required to determine whether that was a one-time event or indicative of a need to upgrade (memory or device).

Thanks again Marvin.

Actually, it was a DDoS attack.

You're welcome. Thanks for the rating.

Yeah, I was thinking something like a DDoS attack when I alluded to "one-time event". I hesitate to raise that spectre directly, though, so as not to "cry wolf" and unduly alarm folks without any corroborating data.
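A triage sketch for the three message IDs discussed in this thread, added here as an example and not code from any of the posters or from Cisco. The function names are hypothetical, the `100/100` sample line is constructed, and the meanings in `WATCH` are the ones given in the thread.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: the three lines quoted in the question, plus one constructed
# "normal" 201013 line (100/100) for contrast.
SAMPLE = """\
<163>Nov 28 2011 11:34:45: %ASA-3-201013: Per-client connection limit exceeded -125/100
<163>Nov 28 2011 11:34:46: %ASA-3-201013: Per-client connection limit exceeded 100/100
<163>Nov 28 2011 19:51:17: %ASA-3-210007: LU allocate xlate failed
<161>Nov 28 2011 17:50:44: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface OUTSIDE
"""

LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d): "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$")
LIMIT_RE = re.compile(r"limit exceeded (?P<cur>-?\d+)/(?P<limit>\d+)")

# Meanings as given in the thread, not a full message catalogue.
WATCH = {"201013": "per-client connection limit hit",
         "210007": "stateful failover out of resources",
         "105005": "failover communications with mate lost"}

def parse_line(line):
    """Parse one ASA syslog line in the format shown above; None if no match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %Y %H:%M:%S")
    # Syslog PRI = facility * 8 + severity, so PRI mod 8 must equal the %ASA severity.
    ev["pri_ok"] = int(ev["pri"]) % 8 == int(ev["sev"])
    lim = LIMIT_RE.search(ev["text"]) if ev["msgid"] == "201013" else None
    if lim:
        ev["cur"], ev["limit"] = int(lim["cur"]), int(lim["limit"])
        # The thread attributes negative values to a logging bug (CSCtl23397),
        # so the printed count is flagged as unreliable rather than trusted.
        ev["bogus_counter"] = ev["cur"] < 0
    return ev

def triage(text):
    """Summarise watched events; flag failover exhaustion seen with mate loss."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    counts = Counter(e["msgid"] for e in events if e["msgid"] in WATCH)
    return {"counts": dict(counts),
            "bogus_counters": sum(e.get("bogus_counter", False) for e in events),
            "first_seen": min(e["ts"] for e in events) if events else None,
            "exhaustion_with_failover_loss": counts["210007"] > 0 and counts["105005"] > 0}
```

`triage(SAMPLE)` reports two 201013 hits (one with an unreliable counter) and sets `exhaustion_with_failover_loss`, the combination the original poster asked about.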
