10-29-2015 09:41 AM - edited 03-03-2019 08:02 AM
Please do not flame me if this question has been asked before. I have done many hours of seearching on many forums looking for an answer to my question and I have found NONE.
First off givens
ASA 5510
I am wondering if there is way to remove limit on how many concurrent sessions I can have at one time?
I keep running into this road block on what I am trying to accomplish.
Here is the setup up.
I am not using the firewall in your typical manner ( as I am sure you guessed ) I have right nnow 108 Site-to-Site tunnels open and I am pushing a simple TCP ping to our company website. I am running this through an expect script running from a linux box and it works with no issues. The issue I am running into is if I want to start up another script to go after a particular tunnel to keep kt alive I run into the dreaded "Too many concurrent TCP ping sessions." after about the 3rd time I run the secondary script.
In a detailed STEP BY STEP process please explain how I turn off the limit for concurrent sessions both in the ADSM and the CLI.
10-31-2015 01:36 AM
Hi,
Hvae you gone through the below link, which explain on how to increase the connection for specifc traffic using class map.
Hope it Helps..
-GI
Rate Helpful Posts
10-31-2015 03:00 PM
I have tried the above method and it still does not work. I think this method is for strict TCP sessions and NOT TCP PING .... although in my mind it should be the same but oh well. Thank you for pointing that article out to me. If you have any more suggestions please get back to me.
11-01-2015 12:49 AM
what exactly you mean tcp ping? tcp syn and later tcp fin or without fin?
11-01-2015 07:31 AM
I have a linux VM setup with a shell that in turns runs an expect script that sends the ASA the following command:
ping tcp (Some IP Address ) 80 repeat X source 172.28.30.141 0 ( where X is the number times I want the ping to repeat, in this case I have set between 2 and 5 depnending on the tunnel location ) it first opens the tunnel with the first ping, the seoncd one tells me I am sending a TCP packet and getting it back.
There are 109 soon to be 148 of these entries with the needed sleep command, some with longer sleep periods due to longer repeat commands in place, in between each in csae the the ping fails to return.
As the script is running it is putting it reults in a file which get parsed later by a perl script and that in turn gets red by php for display on a status board. This is a simple on / off kind of script. I have a few tunnels which are located in Shanghai China and the circuit is just crap so all to often after the script has gone the way around the tunnel to China has dropped in which the the scipt runs again to check each tunnel if it is still up and so on.
I want to improve the results with the Shanghai tunnels as well as a few others. In order to do that I need to keep sending data down those tunnels. I have altered my running script to just keep running a continious ping to keep the tunnel up but after that script run two of threee times I get the dreaded message To many concurrent TCP ping sessions.
I was hoping the link that was provided would help me but alas it does not.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide