DannyHuston
Beginner

ASA max concurrent connections

If I have a thousand nodes from the public each perform a UDP ping to a server behind the ASA, does each count as a concurrent connection?

2 REPLIES
Jouni Forss
Mentor

Hi,

I imagine it does.

Also I guess if we are talking about just some random UDP traffic it would also mean that the default timeout for a connection would be 2 min. The most usual UDP traffic would probably be DNS queries. In those cases I presume though that the UDP connections don't stay on the firewall for long, as long as the firewall sees the DNS reply.

But as I said if we are talking about some random UDP traffic that is allowed through the firewall I would guess it stays in the connection table of the firewall for a couple of minutes. So you might be looking at 1000 concurrent connections or even more?

I have once witnessed a single server sending so much UDP traffic that it reached the connection limit of an ASA5540 which is 400 000 concurrent connections.

- Jouni

Jack Leung
Beginner

That's correct. A UDP ping would consume a connection, assuming your access-list permits that. Interestingly, I'm dealing with developers who are working on a public service that does periodic UDP pings to our data center as a heartbeat, and they wanted to know if we could sustain that.
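For sizing a heartbeat like the one discussed in this thread, the following is an added example (not part of the original posts and not Cisco code) that models a stateful firewall's UDP connection table with the 2 min idle timeout mentioned above. It assumes entries are keyed by 5-tuple and removed after a full idle timeout; the function name, addresses and port numbers are constructed for illustration.

```python
# Added example: simplified model of a firewall's UDP connection table.
# Assumptions (not from the thread): entries are keyed by 5-tuple, an entry is
# removed once it has been idle for the full timeout, and a packet refreshes
# only the idle timer of its own entry.

UDP_IDLE_TIMEOUT = 120      # seconds; the 2 min default mentioned in the thread
PLATFORM_LIMIT = 400_000    # ASA5540 figure quoted in the thread


def peak_udp_conns(nodes, interval, duration, reuse_source_port,
                   timeout=UDP_IDLE_TIMEOUT):
    """Peak table size while `nodes` clients each send one UDP ping every
    `interval` seconds for `duration` seconds."""
    table = {}                      # 5-tuple -> time the last packet was seen
    peak = 0
    dst_ip, dst_port = "192.0.2.10", 7   # constructed destination (TEST-NET-1)
    for now in range(0, duration, interval):
        # Expire entries that have been idle for the whole timeout.
        for key in [k for k, seen in table.items() if now - seen >= timeout]:
            del table[key]
        tick = now // interval
        for node in range(nodes):
            # A client that binds one socket keeps its source port, so every
            # ping refreshes the same entry. A client that opens a new socket
            # per ping gets a new source port, hence a new entry each time.
            src_port = 40000 if reuse_source_port else 40000 + tick % 20000
            table[(node, src_port, dst_ip, dst_port, "udp")] = now
        peak = max(peak, len(table))
    return peak


if __name__ == "__main__":
    for reuse in (True, False):
        peak = peak_udp_conns(1000, 30, 600, reuse_source_port=reuse)
        print(f"reuse_source_port={reuse}: peak={peak} "
              f"({100 * peak / PLATFORM_LIMIT:.2f}% of {PLATFORM_LIMIT})")
```

In this model the peak is the node count when clients reuse their source port, and the node count multiplied by the number of pings that fit inside one idle timeout when they do not.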
