Hi,
Just wondering if CBAC has a limitation on how many sessions it can keep open?
I'm not looking at half open sessions. I realise this is a separate setting.
I basically have IP Inspect set up and it has been working fine. Recently there has been a huge increase in DNS requests from our site which is getting counted by CBAC. Only a couple of TCP sessions are making it through to the open state.
Any ideas or helpful debugs for this one? Have had a look at the standard ones.
It seems that the outside ACL is blocking the return packets for certain sessions. Almost like the IP INSPECT tables are full and it doesn't count those sessions any more and open the dynamic return path.
Sorry if that was a bit vague! Running on way too little sleep here!
Cheers,
Tim.