Solved: Re: "%HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per m - Page 2

jmaxwellUSAF · ‎02-03-2023

(I searched this at Cisco & Google without satisfaction)

Hello. I am troubleshooting symptom of sftp communication from internal server not reaching www address.

I see in 4431 Router logs...

*Feb 3 21:12:12.019: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.019: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.020: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.021: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:12.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.022: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.024: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.025: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.
*Feb 3 21:12:27.027: %HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has exceeded the maximum limit(500)as specified by the platform.

1. What typically causes this situation?

2. Might this be related to the root cause of my troubleshoot symptom?

Thank you.

jmaxwellUSAF · ‎02-06-2023

"

4431#show policy-map type inspect ?
% Unrecognized command
4431#show policy-map type ?
access-control access-control specific policy-map
control Control policy-map and statistics
packet-service Packet Service Policy Map
service-chain Service Chain Policy Map

"

Please advise. Thank you.

MHM Cisco World · ‎02-06-2023

as I get before you run ISR 4431 as ZoneFirewall or I am wrong ??

jmaxwellUSAF · ‎02-06-2023

4431 is router between ASA5525 and www. There is little info for me about this device. I do know there are multiple VRFs, and also ACLs. This network is configured less-than correctly. There are no ACLs directly on interfaces.

MHM Cisco World · ‎02-06-2023

OK, I will share some point how you capture the traffic in ASA
and for ISR4000 I will see what I can find to share with you

jmaxwellUSAF · ‎02-07-2023

I have CONFIRMED the interesting traffic is exiting the 5525ASA.

On the 4431, The CLI analyzer states that there is no zone based firewall detected.

It is strange to me that on the 4431 "sh run all" doesn't list the access lists.

There exist many access lists. How can i see which access lists are in use, are mapped to what functions?

jmaxwellUSAF · ‎02-07-2023

I'm placing access lists on interfaces and verifying they are being hit by the interesting traffic. This troubleshooting technique is yielding success.

I have CONFIRMED the interesting traffic is entering the 4431 incoming int.

"%HTTP-4-SERVER_CONN_RATE_EXCEED: Number of connections per minute has