Cisco Support Community

New Member

how to prevent following attack

Dear Friends,

One of the customer's ASA-5520s is getting disconnected every 3-4 hours, and I found the following outputs and errors. This ASA connects to MPLS (to access remote branches) and ADSL (for internet).

Resource           Current     Peak     Limit    Denied  Context
Syslogs [rate]          83    87470       N/A         0  System
Conns                35859    98666    280000         0  System
Xlates                 266      919       N/A         0  System
Hosts                  353      670       N/A         0  System
Conns [rate]            29      409       N/A         0  System
Inspects [rate]         11       57       N/A         0  System

Before the disconnection happens, I am getting the following error:

"SA-5-321001: Resource 'conns' limit of 280000 reached for system"

This looks like a DoS attack (please correct me if I am wrong). I have done the following steps to control the situation:

policy-map limit
 class limit
  set connection conn-max 1 embryonic-conn-max 1 per-client-max 1
  set connection timeout embryonic 0:00:00 half-closed 0:00:00 tcp 0:00:00 dcd 0:00:01

Now my observation is: when looking at Conns, the "current" figure keeps increasing, but the "peak" figure doesn't increase until conns reach 98666.

I would appreciate it if anyone can tell me how to resolve this issue.

Is there any way to stop the "conns" figure from increasing?

Many thanks
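For readers working the same problem, the following is an added example and not configuration from the original poster or from Cisco. It shows the usual way to use the ASA Modular Policy Framework (MPF) for connection-exhaustion protection: a class-map that matches only inbound traffic on the internet-facing interface, a policy-map that caps connections per client and ages out embryonic (half-open) TCP connections quickly, a service-policy that binds it to one interface, and the show commands used to check that the limits are being hit. The interface name "outside", the ACL, class-map and policy-map names, and the numeric limits are assumptions to be tuned to the site; a per-client limit applied to all traffic through the box with very low values will also throttle legitimate users and the MPLS branches.

```cisco
! Added example, not from the original post. Names and values are assumptions.
! Match TCP arriving from the internet only, so branch traffic over MPLS and
! outbound user traffic are not subject to the limits.
access-list INBOUND-TCP extended permit tcp any any
!
class-map INBOUND-TCP
 match access-list INBOUND-TCP
!
policy-map INBOUND-PROTECT
 class INBOUND-TCP
  ! Cap the total and the half-open connections any single source may hold.
  set connection per-client-max 200 per-client-embryonic-max 20
  ! Age out half-open and half-closed sessions quickly so a SYN flood cannot
  ! pin the global conns table; an all-zero timeout disables aging entirely.
  set connection timeout embryonic 0:00:30 half-closed 0:10:00 tcp 1:00:00
!
! Bind the policy to the internet-facing interface only.
service-policy INBOUND-PROTECT interface outside
!
! Let the ASA track and flag sources that trip the limits (ASA 8.0 and later).
threat-detection basic-threat
threat-detection statistics host
!
! Verification (exec mode): confirm the policy is matching and watch usage.
show service-policy interface outside
show conn count
show resource usage resource conns
show local-host
show threat-detection statistics top tcp-intercept
```

Usage note: `show local-host` lists each tracked host with its current TCP/UDP flow counts against the per-client limits, which is the quickest way to see whether a handful of sources are responsible for the growth in "current" conns; `show conn count` gives the live total to compare against the 280000 system limit reported in the syslog.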

New Member

Re: how to prevent following attack

Can you provide a "show conn" and "show version" output?