Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
183
Views
0
Helpful
1
Replies

IP INSPECT causes phones to not register

Jason Aarons
Level 6
Level 6

‎11-28-2005 05:58 AM - edited ‎03-13-2019 11:23 AM

Site is complaining they come in every morning and find 5 out of 20 7940 phones showing Not Registered, reboot resolves the problem.

show log in the 2811 router;

006084: *Nov 15 15:36:47.576 UTC: %FW-4-HOST_TCP_ALERT_ON: Max tcp half-open connections (50) exceeded for host 10.68.68.10.

10.68.68.10 is the Callmanager

How do I increase the half-open values under "IP INSPECT", they are using this security feature -jason

Labels:
0 Helpful
1 Reply 1

mchin345
Level 6
Level 6

‎12-02-2005 11:50 AM

Error messages such as the following may indicate that a denial-of-service attack has occurred on aspecific TCP host:

%FW-4-HOST_TCP_ALERT_ON: Max tcp half-open connections (50) exceeded for host

172.21.127.242.

%FW-4-BLOCK_HOST: Blocking new TCP connections to host 172.21.127.242 for 2

minutes (half-open count 50 exceeded)

%FW-4-UNBLOCK_HOST: New TCP connections to host 172.21.127.242 no longer blocked

you could config the router to increase the max half-open sessions.

hope this helps.

0 Helpful
Customers Also Viewed These Support Documents