Cisco Support Community

New Member

Cisco routers!

Okay, I will admit, this is completely NON-business related... Here's the story:

I am using a Cisco router at home to support my DSL connection. I currently have it configured for NAT, CBAC, and VPN connections, which are all working just fine. Recently, good ol' Sierra just came out with the next version of CounterStrike (I've always been a sucker for first person shooters). The initial problem was as follows: when I would pull down a game server list, my DSL connection would drop. I would get the following in my SYSLOG:

Sep 13 17:42:20 641: 07:24:25: %FW-4-ALERT_ON: getting aggressive, count (102/500) current 1-min rate: 501

Sep 13 17:42:21 643: 07:24:26: %SEC-6-LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to down

Sep 13 17:42:43 646: 07:24:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to up

Sep 13 17:43:08 647: 07:25:14: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 57

This completely hoses all my connections... SO, I turned the alerting off (ip inspect alert-off), thinking this would solve the problem... Well, when I grabbed a new server list, the alerts did not appear, but the Ethernet interface still dropped the connection for 30 seconds or so, then came back online...

Anyone know what the story is here?


New Member

Re: Cisco routers!

Do you have TCP Intercept enabled on the router?

New Member

Re: Cisco routers!

No I do not.

New Member

Re: Cisco routers!

Oh, so you only turned the CBAC alert off, but you didn't turn CBAC itself off. OK, then you will have to increase the one-minute clamping.


ip inspect one-minute high 2000

ip inspect one-minute low 1600

See if this helps.

New Member

Re: Cisco routers!

I'll try that - thanks for the tip!

Cisco Employee

Re: Cisco routers!

Be careful about just blindly increasing the one-minute connection rates. Sure, increasing it to 2000 will probably resolve the issue, but it may leave you susceptible to attack if you're allowing connections inbound. By enabling CBAC you turned your router into a stateful firewall, so it is now keeping track of every TCP/UDP connection that goes through it. CBAC has inbuilt thresholds that say "if I see more than 500 connections per minute go through this router, then I'm going to assume there's an attack going on and I'll stop any other connections from proceeding".

You can see in the "getting aggressive" message that this is exactly what the router is doing: the one-minute connection rate has hit 501, and so the router stops all other connections. When you download a server list it must open up a boatload of connections.

You can increase these limits by using the commands the previous poster suggested, but you need to increase them to a point where your connection stays up when you download a server list, but so that you'll also be protected during a real attack. This can take some time to play around with to get right, but it's worth it in the end.

I would start at 1000 connections for high, and always set your low limit (the value at which the router "calms down" and starts allowing new connections again) to 100 less than the high limit (in this case start with 900). Work your way up gradually if your connection still drops out every now and then.
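
Added example, not part of the thread and not Cisco code: a Python sketch that pairs the `%FW-4-ALERT_ON` / `%FW-4-ALERT_OFF` lines from the syslog above into "aggressive" windows, names the threshold that tripped, and counts interface drops inside each window, which helps when tuning the one-minute limits. The function names are hypothetical, `one_minute_high` defaults to the 500 per minute mentioned in the post, and the `count (x/y)` field is assumed to be half-open sessions against the max-incomplete limit.

```python
import re
from datetime import datetime

# Constructed sample: the four syslog lines quoted in the first post.
SAMPLE = """\
Sep 13 17:42:20 641: 07:24:25: %FW-4-ALERT_ON: getting aggressive, count (102/500) current 1-min rate: 501
Sep 13 17:42:21 643: 07:24:26: %SEC-6-LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to down
Sep 13 17:42:43 646: 07:24:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed state to up
Sep 13 17:43:08 647: 07:25:14: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 57
"""

ALERT = re.compile(
    r"%FW-4-ALERT_(?P<state>ON|OFF):.*count \((?P<count>\d+)/(?P<limit>\d+)\)"
    r" current 1-min rate: (?P<rate>\d+)")
STAMP = re.compile(r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d")

def parse_time(line):
    # Syslog stamps carry no year; 2000 is an arbitrary placeholder (assumption).
    return datetime.strptime("2000 " + STAMP.match(line).group(), "%Y %b %d %H:%M:%S")

def aggressive_windows(text, one_minute_high=500):
    """Pair ALERT_ON/ALERT_OFF lines; report what tripped and any link drops inside."""
    windows, cur = [], None
    for line in text.splitlines():
        m = ALERT.search(line)
        if m and m["state"] == "ON":
            count, limit, rate = (int(m[k]) for k in ("count", "limit", "rate"))
            causes = []
            if rate > one_minute_high:
                causes.append("one-minute rate")
            if count > limit:  # assumed: half-open sessions vs. max-incomplete
                causes.append("count")
            cur = {"on": parse_time(line), "rate": rate, "causes": causes, "link_down": 0}
        elif m and cur:  # ALERT_OFF closes the open window
            cur["seconds"] = int((parse_time(line) - cur.pop("on")).total_seconds())
            windows.append(cur)
            cur = None
        elif cur and "changed state to down" in line:
            cur["link_down"] += 1  # interface drop while the firewall was aggressive
    return windows

if __name__ == "__main__":
    for w in aggressive_windows(SAMPLE):
        print(w)
```

Run against a longer capture, the per-window peak rate shows how far above the configured high value the server-list burst actually goes.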

New Member

Re: Cisco routers!

Awesome - I think y'all have solved it. Believe it or not, I'm going to need to take it above 2000. I've found (thanks to the information you gave) that when the game is listing the servers, it is actually opening a connection to each one. As of right now, when it reaches 2000, my connection drops. So essentially, I'll need to configure the router to support the maximum number of servers that the game sends messages to.

Wild stuff!

Thanks again folks,