https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152596#M361664 <P> - ASA5545 :&nbsp; <SPAN style="font-size: 10pt;">Software Version 8.6(1)2</SPAN></P><P></P><P>&nbsp;&nbsp; Connection table (<SPAN style="font-size: 10pt;">cfwConnectionStatValue) gradually <STRONG>increases</STRONG> and never goes down. Upon 750000 </SPAN></P><P><SPAN style="font-size: 10pt;">connections, user activity is hampered and the box claims that it can not support more connections.</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Is there a remedy ? <SPAN __jive_emoticon_name="shocked" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></SPAN></P><P></P><P></P><P><SPAN style="font-size: 10pt;">M.</SPAN></P> Tue, 12 Mar 2019 01:03:39 GMT Mark Elsen 2019-03-12T01:03:39Z https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152596#M361664 <P> - ASA5545 :&nbsp; <SPAN style="font-size: 10pt;">Software Version 8.6(1)2</SPAN></P><P></P><P>&nbsp;&nbsp; Connection table (<SPAN style="font-size: 10pt;">cfwConnectionStatValue) gradually <STRONG>increases</STRONG> and never goes down. Upon 750000 </SPAN></P><P><SPAN style="font-size: 10pt;">connections, user activity is hampered and the box claims that it can not support more connections.</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Is there a remedy ? <SPAN __jive_emoticon_name="shocked" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></SPAN></P><P></P><P></P><P><SPAN style="font-size: 10pt;">M.</SPAN></P> Tue, 12 Mar 2019 01:03:39 GMT https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152596#M361664 Mark Elsen 2019-03-12T01:03:39Z https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152597#M361665 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Have you made changes to the default "timeout" values shown with the command "show run timeout" ?</P><P></P><P>Is there some host on the network that is generating so much connections that its eating up the ASA resources.</P><P></P><P>I have witnessed a couple of times a single host generating so much connections/traffic that it has exhausted the set connection limit of the ASA (Though in this case a bit lower end model of ASA)</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 21 Feb 2013 07:55:18 GMT https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152597#M361665 Jouni Forss 2013-02-21T07:55:18Z https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152598#M361666 <HTML><HEAD></HEAD><BODY><P>&gt;Is there some host on the network that is generating so much connections that its eating up the ASA resources ?</P><P></P><P> Tx, is there a way in ASA, command line, or device mgr, which can show me the 'top-connecting' hosts </P><P>(so to speak).</P><P></P><P>Marc.</P></BODY></HTML> Thu, 21 Feb 2013 08:15:46 GMT https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152598#M361666 Mark Elsen 2013-02-21T08:15:46Z https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152599#M361667 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I think on the ASDM side you can go to the "Home" window and a little bit below you will see the "Tabs" called "Device Dashboard" which is selected by default and "Firewall Dashboard" that you should go to.</P><P></P><P>It has other statistics and on the lower right hand corner there is an option to go through different Top statistics.</P><P></P><P>I have a vague memory that this might cause performance issues in worst case. But it should probably be the easiest way to get information through the ASDM</P><P></P><P>Otherwise you just have to monitor the "show conn" , "show conn count" , "show conn long" , "show local-host" and other similiar command outputs to gather information.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 21 Feb 2013 09:13:21 GMT https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152599#M361667 Jouni Forss 2013-02-21T09:13:21Z https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152600#M361668 <HTML><HEAD></HEAD><BODY><P>Tx, it turns out, that during initial setup of the firewall, some rules had the 'service policy' setup set to</P><P>infinite TCP timeouts for app-debugging. We are now reviewing the service policy rules and making</P><P>corrections were needed.</P><P></P><P>Marc.</P></BODY></HTML> Fri, 22 Feb 2013 07:55:34 GMT https://community.cisco.com/t5/network-security/asa5545-connection-table-exhausting-long-term/m-p/2152600#M361668 Mark Elsen 2013-02-22T07:55:34Z