maximum connections

jacquesd · ‎12-13-2006

Hi all,

We have a pix515E-UR IOS 7.0(4). I am getting the following messages at the syslog server:

Dec 13 2006 15:57:03: %PIX-3-201011: Connection limit exceeded 300/300 for outbound packet from 10.100.0.76/1587 to 196.x.x.x/8080 on interface inside

Dec 13 2006 15:57:04: %PIX-3-201011: Connection limit exceeded 300/300 for outbound packet from x.x.x.x/24810 to 196.11.125.149/443 on interface dmz

x.x.x.x is a proxy in the dmz. nat is only performed on the outside interface. the nat commands also do not have limits set.

I have not used 'set connection conn-max' anywhere in the config. the only place i can find a match for 300/300 is on some older statics. That has been changed and xlate cleared, but same result.

is there something I am missing?

Thanks for any comments!

Jacques

ajagadee · ‎12-13-2006

Jacques,

In the static defined, what is value configured for embryonic connections.

Looks like you are running into bug id CSCsd58400.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a0080659c8f.html

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

jacquesd · ‎12-14-2006

Hi Arul,

That is just it, there are currently no statics defined with any 300/300 limit (there use to be, but I removed the restriction on all). I also clear the xlate, but still get the messages. The fact that I use to have statics with 300/300 gives me a clue to where the restriction originated from, unless something somewhere defaults to 300/300). maybe a reload is needed?

Jacques

rega · ‎05-29-2007

Hello,

Try to make the

clear local-host command.

Regards,

jj