Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
629
Views
0
Helpful
4
Replies

Too many connections on Xlate??

shave
Level 1
Level 1

‎05-09-2001 09:34 AM - edited ‎03-08-2019 08:13 PM

Been getting quite a few of the below messages in my logs from a Pix 520 lately:

%PIX-3-201002: Too many connections on xlate XXX.XX.XX.X! 0/38

Can't seem to find any references on what this means or if this is harmful.

Anybody have any experience with this message?

Thanks..

Labels:
0 Helpful
4 Replies 4

bwalchez
Level 4
Level 4

‎05-15-2001 07:00 AM

It sounds like you might be running one of those older versions that counts connections. What version (sh ver) of PIX code are you running? Also, what does sh conn show for max cons and remaining?

0 Helpful

shave
Level 1
Level 1
In response to bwalchez

‎05-15-2001 10:08 AM

Running 5.3(1), below is the show ver, and if I do a sh conn, itlists users, and right now shows 26 in use 179 most used, can't seem to find where to find any kind of connection limitations...

Cisco Secure PIX Firewall Version 5.3(1)

XXXXXXXXXXX up 40 days 3 hours

Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz

Flash i28F640J5 @ 0x300, 16MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is XXXXXXXXXXXXXX, irq 11

1: ethernet1: address is XXXXXXXXXXXXXX, irq 10

2: ethernet2: address is XXXXXXXXXXXXXX, irq 9

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

Websense: Enabled

Throughput: Unlimited

ISAKMP peers: Unlimited

Serial Number: XXXXXXXXXXXXXX

Activation Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

0 Helpful

bwalchez
Level 4
Level 4
In response to shave

‎05-16-2001 03:02 PM

I bet it’s a bug. 5.3(1) Shouldn’t enforce any kind of connection license since they don’t sell the PIX by connection counts anymore. But they used to so I bet they forgot to remove this message from the 5.3(1) code. Let Cisco’s TAC know.

0 Helpful

jekrauss
Level 1
Level 1

‎05-16-2001 03:26 PM

It looks like when you wrote your static, you limited yourself to only 38 connections maximum - and you're exceeding that number of connections (i.e. like on a http request). If this doesn't obviously fix it, try posting that particular line from your static and we'll take a look.

HTH

Jeff

Below is the explanation from the syslog message.

%PIX-3-201002: Too many connections on static|xlate gaddr! econns nconns

Explanation This is a connection-related message. This is a connection-related message. This message is logged when the maximum number of connections to the specified static address has been

exceeded. The econns variable is the maximum number of embryonic connections and nconns is the maximum number of connections permitted for the static or xlate.

Action Use the show static command to check the limit imposed on connections to a static address. The limit is configurable.

0 Helpful
Customers Also Viewed These Support Documents