Cisco Support Community

New Member

Connections on PIX used up.

We have a Cisco PIX Firewall (2.7, we think) that is limited to 256 connections from the inside to the outside.

We have occasionally seen it run out of connections. For a moment or two you just can't get out to your favorite web site. In the last few weeks it has gotten much worse, so much so that automated communications between servers on the inside and outside have been failing. The problem appears to be that some web sites can open dozens of connections through the firewall before the user even clicks on anything. Also, some web sites seem to be able to hold open the connection long after the user has closed the window. The result is that 4 or 5 people looking at web sites can lock up all the capacity through the firewall. We've set the expiration on the connections to 20 minutes, but any shorter and we will interfere with legitimate telnet sessions. Any ideas?

VIP Purple

Re: Connections on PIX used up.

Two ideas:

1. Reduce the xlate timeout. This should not affect telnet sessions, unless they are left idle.

timeout xlate 0:05:00

2. Do something to reduce the number of TCP connections - put in a proxy server, for example.
