On my Pix515E ASDM console I quite often see large surges in the total number of connections. I would like to find a convenient way to see what (or who) is causing this.
The command Show Local gives the answers but it returns details of each connection and I can't see a way to omit the detail. Show Conn Count just gives the total. Ideally I would like to get a summary of the number of connections (TCP/UDP) for each inside host. Is this possible?
..........to limit the number of connections to a subnet.
This works and I see errors in the syslog when the limit is exceeded but when I change the limits and apply the changes, the syslog errors still show the previous limit being reached. How can I make changes to these connection limits take effect (without reloading the Pix)?
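One way to get the per-host summary the question asks for is to capture `show local-host` output (from an SSH session or the ASDM command line tool) and reduce it to one line per inside host. The script below is an added example, not from the original thread or from Cisco; it assumes the PIX 7.x / ASA output format (`TCP flow count/limit = N/limit`, `UDP flow count/limit = N/limit`) and also accepts the older `TCP connection count/limit` wording, and the sample output embedded in it is constructed for illustration.

```python
import re
import sys

# Constructed sample of `show local-host` output (PIX 7.x/ASA style, plus one
# host in the older "connection count/limit" style). Addresses and counts are
# made up for this example.
SAMPLE = """\
Interface inside: 3 active, 12 maximum active, 0 denied
local host: <10.1.1.5>,
    TCP flow count/limit = 48/unlimited
    TCP embryonic count to host = 2
    TCP intercept watermark = unlimited
    UDP flow count/limit = 3/unlimited

  Xlate:
    PAT Global 192.0.2.10(1025) Local 10.1.1.5(1025)

  Conn:
    TCP out 198.51.100.7:80 in 10.1.1.5:1025 idle 0:00:05 bytes 1234 flags UIO
local host: <10.1.1.9>,
    TCP flow count/limit = 2/100
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 310/unlimited
local host: <10.2.2.20>,
    TCP connection count/limit = 7/unlimited
    TCP embryonic count = 0
    UDP connection count/limit = 0/unlimited
"""

# "local host: <a.b.c.d>," starts each host block
HOST_RE = re.compile(r"^local host: <([\d.]+)>")
# per-protocol count and configured limit (7.x "flow", 6.x "connection")
COUNT_RE = re.compile(r"^\s*(TCP|UDP) (?:flow|connection) count/limit = (\d+)/(\S+)")
# half-open TCP connections to this host
EMBRYONIC_RE = re.compile(r"^\s*TCP embryonic count(?: to host)? = (\d+)")


def summarize_local_hosts(text):
    """Parse show local-host output into {host: {tcp, udp, embryonic, tcp_limit}}.

    Only the per-host summary lines are used; the Xlate/Conn detail that
    follows each host is skipped, which is exactly the detail the question
    wanted to omit.
    """
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = {"tcp": 0, "udp": 0, "embryonic": 0, "tcp_limit": "unlimited"}
            continue
        if current is None:
            continue  # interface header or other text before the first host
        m = COUNT_RE.match(line)
        if m:
            proto, count, limit = m.groups()
            hosts[current][proto.lower()] = int(count)
            if proto == "TCP":
                hosts[current]["tcp_limit"] = limit
            continue
        m = EMBRYONIC_RE.match(line)
        if m:
            hosts[current]["embryonic"] = int(m.group(1))
    return hosts


def top_talkers(hosts, n=10):
    """Return (host, counts) pairs sorted by TCP+UDP total, busiest first."""
    return sorted(hosts.items(),
                  key=lambda kv: kv[1]["tcp"] + kv[1]["udp"],
                  reverse=True)[:n]


def format_report(hosts):
    """One line per host: who is responsible for the connection surge."""
    lines = [f"{'host':<16}{'tcp':>6}{'udp':>6}{'emb':>6}  tcp limit"]
    for host, c in top_talkers(hosts):
        lines.append(f"{host:<16}{c['tcp']:>6}{c['udp']:>6}{c['embryonic']:>6}  {c['tcp_limit']}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pipe real output in (e.g. saved from an SSH session); otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    print(format_report(summarize_local_hosts(text)))
```

Run it as `python3 localhost_summary.py < show-local-host.txt`; the hosts with the largest totals are the ones to investigate, and a high embryonic count against a host is the usual sign of a scan or a SYN flood rather than legitimate traffic.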
Could you tell us which version of PIX you are running? The later versions do have modifications to the show local-host command to filter unnecessary data. If you tell me the version you are running, then I can look up what options are available to you.
Secondly, I think you can run the command "clear xlate" to clear existing xlates, instead of rebooting the PIX. However, existing connections will get disconnected for a moment. So I would suggest to do this when minimal traffic is passing through the PIX.
An easy way to test would be to create a connection through your PIX and then run the 'clear xlate' command and see if the session drops. The short answer is no, the conns are not torn down. When you run the 'clear xlate' command existing connections stay up.
After making changes to your conn or embryonic conn limits in your static, you need to clear the xlate before the changes will take effect. Note that you can also change these limits in the MPF. This is now the preferred method and it can be configured to be much more granular.
access-list tcp_acl permit tcp 10.1.1.0 255.255.255.0 any
access-list tcp_acl permit tcp 10.2.2.0 255.255.255.0 any
class-map tcp_class
 match access-list tcp_acl
policy-map global_policy
 class tcp_class
  set connection per-client-max 100 per-client-embryonic-max 50
service-policy global_policy global