Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8980
Views
0
Helpful
2
Replies

show conn in cisco asa

secureIT
Level 4
Level 4

‎04-03-2012 11:36 PM - edited ‎03-11-2019 03:50 PM

Hi Team,

Does the show conn count includes both tcp + udp + embryonic connections.

Because when i do a calculation in excel from the output of show conn, i got the below output.

It was extracted from the command "show local-host | include host|count/limit"

(A):

   Total Sum of TCP embryonic count to host = 331

(B):

     Total Sum of TCP flow count/limit = 102938

(C):

     Total Sum of UDP flow count/limit = 3512505

firewall#show conn count

1912284 in use, 2000002 most used

Please let me know how this is caluclated. If show conn count = A+B+C, then i am suspecting that old connection entries are not getting flushed out from the connection table in cisco asa 5580 with version 8.3.2.

Really im in need of help...

2 people had this problem
Labels:
0 Helpful
2 Replies 2

Kimberly Adams
Level 3
Level 3

‎04-04-2012 03:03 PM

With the show conn on the ASA, it does take all the connections and add them up for you.  This will include any TCP, any UDP, any hung connections, and any static connections.

Thanks and I hope this helps.

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.
0 Helpful

secureIT
Level 4
Level 4
In response to Kimberly Adams

‎04-04-2012 11:35 PM

Hi Kimberly,

My question was, the count of show conn & show local-host does not match... More over, as the show conn was showing that the max limit of 2 million will be reaching very soon... So, i would like to troubleshoot the output of show local-host | include host|count/limit, where in i could see that one of the webserver has lots of tcp connection (lets say 35000, then the other two servers are consuming udp connections 7lacs,5lacs & 3 lacs, as given below...

local host: ,

    TCP flow count/limit = 35857/unlimited

    TCP embryonic count to host = 25

    UDP flow count/limit = 0/unlimited

local host: ,

    TCP flow count/limit = 306/unlimited

    TCP embryonic count to host = 8

    UDP flow count/limit = 736807/unlimited

local host: ,

    TCP flow count/limit = 246/unlimited

    TCP embryonic count to host = 2

    UDP flow count/limit = 582010/unlimited

local host: ,

    TCP flow count/limit = 1/unlimited

    TCP embryonic count to host = 0

    UDP flow count/limit = 308412/unlimited

can you pls let me know any other commands can be executed to know if any huge embryonic/virus attacks/too many broad casts...... Once i clear the local-host, the connections get reduced from a huge value to low value. i reallly do not know if these are geniue traffic or fake ? or do not know if the connection table is not flushing out old entries.. please help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card