Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1236
Views
0
Helpful
0
Replies

cisco asa 5585x ssp-20 Concurrent firewall connections unmatched

kennethyee4269
Level 1
Level 1

‎05-16-2019 02:11 AM

Dear All,

 

i am using the ASA 5585x with SSP-20, but I found the max conn value only 1000000.

it is unmatched with datasheet 2000000. this ASA is forming failover, no any firepower. 

do you guys have any ideas?

 

 

ASA5585# sh resource usage
Resource Current Peak Limit Denied Context
SSH 1 2 5 0 System
Syslogs [rate] 2573 75830 N/A 0 System
Conns 794178 979833 1000000 7323327 System
Hosts 17403 144094 N/A 0 System
Conns [rate] 1200 79181 N/A 0 System

 

ASA5585# sh mode
Security context mode: single
Inspects [rate] 108 1605 N/A 0 System

 

ASA5585# sh module

Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
0 ASA 5585-X Security Services Processor-20 wi ASA5585-SSP-20 

Mod MAC Address Range Hw Version Fw Version Sw Version
--- --------------------------------- ------------ ------------ ---------------
0 acf2.c5f2.b410 to acf2.c5f2.b41b 2.0 2.0(13)0 8.2(5)33

Mod SSM Application Name Status SSM Application Version
--- ------------------------------ ---------------- --------------------------

Mod Status Data Plane Status Compatibility
--- ------------------ --------------------- -------------
0 Up Sys Not Applicable

 

 

ASA5585# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/7 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 256 maximum
Version: Ours 8.2(5)33, Mate 8.2(5)33
Last Failover at: 02:59:16 HKST May 16 2019
This host: Primary - Active
Active time: 214979 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (2.0/8.2(5)33) status (Up Sys)
Interface management (192.168.1.1): No Link (Not-Monitored)
Interface outside (10.32.18.10): Normal
Interface inside (10.32.19.10): Normal
slot 1: empty
Other host: Secondary - Standby Ready
Active time: 123956384 (sec)
slot 0: ASA5585-SSP-20 hw/sw rev (2.0/8.2(5)33) status (Up Sys)
Interface management (0.0.0.0): Normal (Not-Monitored)
Interface outside (10.32.18.11): Normal
Interface inside (10.32.19.11): Normal
slot 1: empty

Stateful Failover Logical Update Statistics
Link : state GigabitEthernet0/6 (up)
Stateful Obj xmit xerr rcv rerr
General 654614677 0 78094001034 1822349
sys cmd 3859429 0 3859268 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 337204730 0 40980513503 867116
UDP conn 302212371 0 35812400022 955233
ARP tbl 11335327 0 1297146922 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKE upd 0 0 0 0
VPN IPSEC upd 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 2830 0 81319 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 1002 78146897205
Xmit Q: 0 1 654793867

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card