12-13-2006 06:05 AM - edited 03-11-2019 02:08 AM
Hi all,
We have a pix515E-UR IOS 7.0(4). I am getting the following messages at the syslog server:
Dec 13 2006 15:57:03: %PIX-3-201011: Connection limit exceeded 300/300 for outbound packet from 10.100.0.76/1587 to 196.x.x.x/8080 on interface inside
Dec 13 2006 15:57:04: %PIX-3-201011: Connection limit exceeded 300/300 for outbound packet from x.x.x.x/24810 to 196.11.125.149/443 on interface dmz
x.x.x.x is a proxy in the dmz. nat is only performed on the outside interface. the nat commands also do not have limits set.
I have not used 'set connection conn-max' anywhere in the config. the only place i can find a match for 300/300 is on some older statics. That has been changed and xlate cleared, but same result.
is there something I am missing?
Thanks for any comments!
Jacques
12-13-2006 09:16 AM
Jacques,
In the static defined, what is value configured for embryonic connections.
Looks like you are running into bug id CSCsd58400.
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a0080659c8f.html
I hope it helps.
Regards,
Arul
** Please rate all helpful posts **
12-14-2006 01:49 AM
Hi Arul,
That is just it, there are currently no statics defined with any 300/300 limit (there use to be, but I removed the restriction on all). I also clear the xlate, but still get the messages. The fact that I use to have statics with 300/300 gives me a clue to where the restriction originated from, unless something somewhere defaults to 300/300). maybe a reload is needed?
Jacques
05-29-2007 11:54 PM
Hello,
Try to make the
clear local-host command.
Regards,
jj
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: