https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875926#M460104 <HTML><HEAD></HEAD><BODY><P>You're welcome. Thanks for the rating. </P><P></P><P>Yeah I was thinking something like a DDos attack when I alluded to "one-time event". I hesitate to raise that spectre directly though so as not to "cry wolf" and unduly alarms folks without any corroborating data.</P></BODY></HTML> Sun, 05 Feb 2012 18:27:12 GMT Marvin Rhoads 2012-02-05T18:27:12Z https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875923#M460101 <P>Hi all.</P><P></P><P></P><P>i got a crahed 5520 this week and was showing </P><P>&lt;163&gt;Nov 28 2011 11:34:45: %ASA-3-201013: Per-client connection limit exceeded -125/100 </P><P></P><P>What the negative number tells ?&nbsp; i usually see same numbers like 100/100 with means the connection limited has reached.</P><P></P><P>also the box was showing </P><P>&lt;163&gt;Nov 28 2011 19:51:17: %ASA-3-210007: LU allocate xlate failed</P><P></P><P></P><P>&lt;161&gt;Nov 28 2011 17:50:44: %ASA-1-105005: (Primary) Lost Failover communications with mate on interface OUTSIDE</P><P></P><P>from the last 2 log messages its showing that the box was out of resources correct ?&nbsp; </P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 22:23:58 GMT https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875923#M460101 laerciotobias 2019-03-11T22:23:58Z https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875924#M460102 <HTML><HEAD></HEAD><BODY><P>The negative numbers reading is caused by a bug. Please see "CSCtl23397 - ASA may log negative values for Per-client conn limit exceeded messg".</P><P></P><P>The 210007 message is indicating stateful failover is out of resources. See <A href="http://www.cisco.com/en/US/docs/security/asa/asa83/system/message/logmsgs.html#wp4770249">this explanation</A>.</P><P></P><P>Overall it appears your boxes may be pushing the limit of their capabilities connection-wise. Some further investigation would be required to determine whether that was a one-time event or indicative of a need to upgrade (memory or device).</P></BODY></HTML> Sun, 05 Feb 2012 18:06:14 GMT https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875924#M460102 Marvin Rhoads 2012-02-05T18:06:14Z https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875925#M460103 <HTML><HEAD></HEAD><BODY><P>Thanks again Marvin.</P><P></P><P>Actually was a DDos attack.</P></BODY></HTML> Sun, 05 Feb 2012 18:20:31 GMT https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875925#M460103 laerciotobias 2012-02-05T18:20:31Z https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875926#M460104 <HTML><HEAD></HEAD><BODY><P>You're welcome. Thanks for the rating. </P><P></P><P>Yeah I was thinking something like a DDos attack when I alluded to "one-time event". I hesitate to raise that spectre directly though so as not to "cry wolf" and unduly alarms folks without any corroborating data.</P></BODY></HTML> Sun, 05 Feb 2012 18:27:12 GMT https://community.cisco.com/t5/network-security/connection-limits-questions/m-p/1875926#M460104 Marvin Rhoads 2012-02-05T18:27:12Z