Multi Context - limiting connection resources

johng231 (Level 3)

Hello-

I have set up a class-map to limit the number of connections for each separate context. I'm seeing an issue after applying it where the threshold is being exceeded: "Drop-reason: (rm-conn-limit) RM connection limit reached"; however, show resource usage shows that the current and peak are nowhere near the limit, showing only a couple of connections.

Version 9.1(4)

class default
  limit-resource All 0
  limit-resource Mac-addresses 65535
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5
  limit-resource Conns 0
class FW-GEN
  limit-resource Conns 300000
class FW-EC
  limit-resource Conns 300000
class FW-MAIN
  limit-resource Conns 300000
class FW-MARK
  limit-resource Conns 300000
class FW-PCI
  limit-resource Conns 300000
class FW-BUBBLE
  limit-resource Conns 100000
class FW-LAB
  limit-resource VPN Other 10
  limit-resource Conns 300000

Resource                 Current        Peak      Limit        Denied Context
SSH                            1           2          5             0 admin
ASDM                           0           4          5             0 admin
Conns                          3           7  unlimited             0 admin
Hosts                          3           7  unlimited             0 admin
Inspects [rate]                0           7  unlimited             0 admin
Routes                         2           2  unlimited             0 admin
Conns                          0          40      99000             0 BUBBLE
Hosts                          0          32  unlimited             0 BUBBLE
Conns [rate]                   0         125  unlimited             0 BUBBLE
Inspects [rate]                0          25  unlimited             0 BUBBLE
Mac-addresses                  0           2      65535             0 BUBBLE
SSH                            0           2          5             0 LAB
Syslogs [rate]                 0         147  unlimited             0 LAB
Conns                          2         178     299000         22830 LAB
Xlates                         3         423  unlimited             0 LAB
Hosts                          3          72  unlimited             0 LAB
Conns [rate]                   0         250  unlimited             0 LAB
Inspects [rate]                0          67  unlimited             0 LAB
Routes                         9          10  unlimited             0 LAB
Other VPN Sessions            43          45         10             2 LAB
Other VPN Burst                0           1          0             0 LAB

Packet-tracer input inside

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (rm-conn-limit) RM connection limit reached

Is there anything else I can check to see why the connection limit is being reached?
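As an added example (not code from the thread or from Cisco), a small Python parser for the `show resource usage` table above. It flags the pattern the post describes, a context accumulating a large Denied count while Current and Peak sit far below Limit, and also a resource whose Current already exceeds its Limit. The sample rows are constructed from the output above and the 50% headroom ratio is an assumed threshold.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the "show resource usage" rows in the post.
SAMPLE = """\
Resource                 Current        Peak      Limit        Denied Context
Conns                          3           7  unlimited             0 admin
Conns                          0          40      99000             0 BUBBLE
Conns                          2         178     299000         22830 LAB
Conns [rate]                   0         250  unlimited             0 LAB
Other VPN Sessions            43          45         10             2 LAB
"""

# Resource names may contain spaces and brackets, so the regex anchors on the
# four numeric/"unlimited" columns and the context name at the right edge.
ROW = re.compile(
    r"^(?P<resource>\S.*?)\s+(?P<current>\d+)\s+(?P<peak>\d+)\s+"
    r"(?P<limit>\d+|unlimited)\s+(?P<denied>\d+)\s+(?P<context>\S+)\s*$"
)

@dataclass
class Usage:
    resource: str
    current: int
    peak: int
    limit: Optional[int]   # None means "unlimited"
    denied: int
    context: str

def parse_resource_usage(text: str) -> list[Usage]:
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:          # header line or blank line
            continue
        limit = None if m["limit"] == "unlimited" else int(m["limit"])
        rows.append(Usage(m["resource"], int(m["current"]), int(m["peak"]),
                          limit, int(m["denied"]), m["context"]))
    return rows

def find_anomalies(rows: list[Usage], headroom: float = 0.5) -> list[tuple]:
    """Return (context, resource, reason) for rows whose denials or current
    usage do not match the configured limit."""
    findings = []
    for r in rows:
        # Denials while peak never came close to the limit (the post's symptom).
        if r.denied and (r.limit is None or r.peak < r.limit * headroom):
            findings.append((r.context, r.resource, "denied despite headroom"))
        # Current usage above a finite limit should never be observable.
        if r.limit is not None and r.current > r.limit:
            findings.append((r.context, r.resource, "current exceeds limit"))
    return findings
```

Running `find_anomalies(parse_resource_usage(SAMPLE))` reports the LAB Conns row (22830 denied at a peak of 178 against a 299000 limit) and the LAB Other VPN Sessions row (43 current against a limit of 10).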


Maykol Rojas (Cisco Employee)

Hi

Has to be a new/Existing bug.

Please send me a message; if you need to solve this right away, go ahead and open a ticket.

Mike

I am having the exact same problem with an ASA 5555 on 9.4. Any updates on this?

- Make sure you have upgraded to the latest version of ASA, SFR and FMC versions

- Make sure you have not set unlimited connection timeouts on the Inside-Interface

- Make sure you have left the Inside-Interface Per-client-max = 0 (default), Per-client-embryonic-max = 0 (default) and Idle = 0 (default)

That solved the problem for me!

Jigar Dave (Level 3)

The limit on conn resources depends upon which hardware model you are using.

This (http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/license.html#wpxref10155 ) shows the table per hardware.

I am also interested to know if this is a bug in the OS.

JD...

I have opened a ticket. I'll keep everyone posted on the findings.

The ASA hardware is a pair of 5585x SSP40 and it's not in production. We are only testing this in the LAB using multi context with a policy to restrict the number of connections so that, in case one context gets overwhelmed, it won't affect the others. I'm looking for a simple class policy to apply to each context.

Thanks,

John

Looks like a new one. I found the ticket. Will keep an eye on it.

Mike