The 525 will max out at around 500,000 connections, although this is a rough estimate. I've seen them go up higher, but you wouldn't want to do that. There shouldn't be any issue at around 70,000 connections. How much traffic are you seeing thru this PIX? Are you doing stateful failover? Can you provide a config? And a "sho tech" when the problem is occurring?
We experience a mostly linear rise of CPU usage and connections. For example, 10000 conn / 10 % CPU and 70000 / 99. When we reach 60000 conn, free memory on the PIX decreases by about 1 MB.
After an update of our webpages we have, per client, about 10 TCP (HTTP/HTTPS) and 10 UDP (RPC/..) connections on the PIX. Seems 3 times more than before. Our traffic rates are about 5 - 8 Mbit/s normal and 10 - 12 Mbit/s at peak rate. We have a 34 Mbit/s connection to our provider.
Yes, we have stateful failover and HTTP replication with a dedicated interface, but NOT LAN-based failover.
Maybe I found another limitation of our system: our customers reach our webfarm over one IP address and we balance across several servers. Do you think there is another limitation regarding port allocation and addressing?
About the show tech and config, I'll have to discuss with my colleagues.