10-02-2012 07:33 AM - edited 03-11-2019 05:02 PM
I've got an ASA 5550 running Software Version: 8.2(2);
I replaced two static NAT commands below with new commands to change the
connection limits:
no static (inside,outside) ggg.ggg.ggg.118 ppp.ppp.ppp.118 netmask 255.255.255.255 tcp 500 1000
static (inside,outside) ggg.ggg.ggg.118 ppp.ppp.ppp.118 netmask 255.255.255.255 tcp 5000 5000 no static (inside,outside) ggg.ggg.ggg.229 ppp.ppp.ppp.229 netmask 255.255.255.255 tcp 1000 0
static (inside,outside) ggg.ggg.ggg.229 ppp.ppp.ppp.229 netmask 255.255.255.255 tcp 5000 5000 ~~ However, I am still getting connection limit exceeded messages in the log: Oct 02 2012 10:01:22: %ASA-3-201011: Connection limit exceeded 500/500 for inbound packet from 169.139.16.2/59278 to ggg.ggg.ggg.118/443 on interface outside Help! This is a mission-critical application that is being affected.
Thanks!
Message was edited by: Marc Chin
10-02-2012 09:40 AM
Hello Marc,
Did you clear the xlate table?
Please do the following
Clear xlate local ggg.ggg.ggg.229
clear local-host ggg.ggg.ggg.229
Regards,
Julio
10-02-2012 09:56 AM
Yes, I performed a 'clear xlate' - both local, global, and general, to no effect.
I wound up opening a TAC case for this and the tech indicated that I needed to do a 'clear conn' to reset the xlate to the new limits.
Marc
10-02-2012 09:58 AM
Correct, clear conn is need it as well
And what was the result?
Regards,
Julio
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: