Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1708
Views
0
Helpful
2
Replies

ASA max concurrent connections

DannyHuston
Level 1
Level 1

‎02-28-2013 10:58 AM - edited ‎03-11-2019 06:07 PM

If I have a thousand nodes from the public each perform a UDP ping to a server behind the ASA, does each count as a concurrent connection?

Labels:
0 Helpful
2 Replies 2

Jouni Forss
VIP Alumni
VIP Alumni

‎02-28-2013 12:24 PM

Hi,

I imagine it does.

Also I guess if we are talking about just some random UDP traffic it would also mean that the default timeout for a connection would be 2min. The most usual UDP traffic would probably be DNS querys. In those cases I presume though that the UDP connections dont stay on firewall for long as long as the firewall sees the DNS reply.

But as I said if we are talking about some random UDP traffic that is allowed through the firewall I would guess it stays in the connection table of the firewall for a couple of minutes. So you might be looking at 1000 concurrent connections or even more?

I have once witnessed a single server sending so much UDP traffic that it reached the connection limit of an ASA5540 which is 400 000 concurrent connections.

- Jouni

0 Helpful

Jack Leung
Level 1
Level 1

‎02-28-2013 01:09 PM

That's correct. A UDP ping would consume a connection assuming your access-list permits that.  Interestingly I'm dealing with developers who are working on a public service that does periodic UDP pings to our data center as a heartbeat and they wanted to know if we could sustain that. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card