cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
553
Views
0
Helpful
3
Replies

Problems with latest ASA CSC Module

adambaack
Level 1
Level 1

We just recently upgraded the CSC module from version 6.2.1599.6 to 6.3.1172.0. It was running fine, but ever since then we've been getting occasional web timeouts and slow loading. No other config changes have been made.

In my syslog I'm seeing these two warnings:

LCSO-ASA1-CSC 21184512: 2009-07-08T15:05:08-0400 The maximum number of connections for HTTP has been reached. New connections will be kept in a backlog and may time out.

LCSO-ASA1-CSC 21184513: 2009-07-08T15:22:01-0400 The maximum number of connections for HTTP has returned to normal threshold.

It appears we're doing too many connections, but I don't know how to increase it or just let the maxed out connections through?

Thanks for any help.

3 Replies 3

Hi Adam,

I have not used 6.3 myself, but as far as I know there is no way to avoid connections being stored in a queue when the max number of HTTP connections is reached. The connection limit is fixed, so you won't be able to increase it either.

As an alternative, you could exempt certain IP addresses from the CSC policy all together, but this exemption would be in effect 100% of the time, not just when you went over the connection limit threshold.

If you are consistently hitting the connection limit, you might look into upgrading to a CSC-SSM-20, which has a higher connection limit, if you only have the -10 model.

-Mike

Yep, unfortunately we have the CSC-SSM-20 with the 1000 user limit. Our rep is trying to get us to look at the Cisco Ironport devices to replace the module which they just sold us a year ago.

In that case, it sounds like the CSC isn't scalable enough for your environment. I have not used the Ironport devices myself. Best of luck.

-Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: