Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2563
Views
0
Helpful
2
Replies

ASA 5505 Connection Limit and TIME_WAIT Freezing Device

Atl_Gator
Level 1
Level 1

‎09-30-2011 11:05 PM - edited ‎03-11-2019 02:32 PM

My little ASA 5505 is working great and I am quite happy with the purchase now that I've solved a number of the issues we had, thank you all very much for the help.

The next issue I have is rather annoying.  The device appears to be artificially crippled and limited to 10,000 connections.  This isn't a "CPU limit" it's just some fake limit in the device as far as I can tell.

The problem we have is that we are only using around 500-600 connections and CPU usage is only like 25%, and yet the connection count is pegged at 10,000 and locks us out of our network.

I am pretty sure this is because there are a lot of "dead" TIME_WAIT connections hanging around not being used.  In our application we only have the couple hundred connections but they do move around a bit every now and then.

Is there anyway to get the device to ignore the "dead" connections and not count them towards the artificial limit on the device given that it's pretty clear the CPU / etc., is not utilized sufficiently.  These aren't real connections, we only have a couple 100 established, they do just move around a bit however.

We are really only using 500-700 connections according to our servers, the others are just sitting in TIME_WAIT doing nothing.

Anyone had this issue before or can offer solutions or workarounds?

Labels:
0 Helpful
2 Replies 2

mirober2
Cisco Employee
Cisco Employee

‎10-07-2011 06:34 AM

Hello,

Have you checked the output of 'show conn' and 'show local-host' at a time when the connection count is maxed out? If the ASA is not removing idle connections, you should open a TAC case to have this investigated. Otherwise, the above commands should show you which hosts are maxing out the connections and you can take steps to remediate those problem hosts.

-Mike

0 Helpful

netriplex
Level 1
Level 1

‎02-24-2015 01:36 PM

I know this is an old post, but I had the same issue with a similar ASA5505 in a small office that was hitting the 10,000 connection limit. The security plus license upgrade brings it to 25,000 connections and solved the issue. The part number is L-ASA5505-SEC-PL=

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card