05-09-2001 09:34 AM - edited 03-08-2019 08:13 PM
Been getting quite a few of the below messages in my logs from a Pix 520 lately:
%PIX-3-201002: Too many connections on xlate XXX.XX.XX.X! 0/38
Can't seem to find any references on what this means or if this is harmful.
Anybody have any experience with this message?
Thanks..
05-15-2001 07:00 AM
It sounds like you might be running one of those older versions that counts connections. What version (sh ver) of PIX code are you running? Also, what does sh conn show for max cons and remaining?
05-15-2001 10:08 AM
Running 5.3(1), below is the show ver, and if I do a sh conn, it lists users, and right now shows 26 in use, 179 most used, can't seem to find where to find any kind of connection limitations...
Cisco Secure PIX Firewall Version 5.3(1)
XXXXXXXXXXX up 40 days 3 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is XXXXXXXXXXXXXX, irq 11
1: ethernet1: address is XXXXXXXXXXXXXX, irq 10
2: ethernet2: address is XXXXXXXXXXXXXX, irq 9
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Enabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited
Serial Number: XXXXXXXXXXXXXX
Activation Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
05-16-2001 03:02 PM
I bet it's a bug. 5.3(1) shouldn't enforce any kind of connection license since they don't sell the PIX by connection counts anymore. But they used to, so I bet they forgot to remove this message from the 5.3(1) code. Let Cisco's TAC know.
05-16-2001 03:26 PM
It looks like when you wrote your static, you limited yourself to only 38 connections maximum - and you're exceeding that number of connections (i.e. like on a http request). If this doesn't obviously fix it, try posting that particular line from your static and we'll take a look.
HTH
Jeff
Below is the explanation from the syslog message.
%PIX-3-201002: Too many connections on static|xlate gaddr! econns nconns
Explanation: This is a connection-related message. This message is logged when the maximum number of connections to the specified static address has been exceeded. The econns variable is the maximum number of embryonic connections and nconns is the maximum number of connections permitted for the static or xlate.
Action: Use the show static command to check the limit imposed on connections to a static address. The limit is configurable.
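Added example (not part of the thread and not Cisco code): a small Python parser for the 201002 message format quoted above that tallies how often each static or xlate address hit its connection limit. The syslog header, hostname and addresses in the sample lines are constructed, and the parser accepts both the documented "econns nconns" form and the "0/38" form seen in the original post.

```python
import re

# Accepts the documented form ("gaddr! econns nconns") and the slash form
# from the original post ("gaddr! 0/38"); the latter is an assumption based
# on that one log line.
PIX_201002 = re.compile(
    r"%PIX-3-201002: Too many connections on (?P<kind>static|xlate) "
    r"(?P<gaddr>\S+?)! (?P<econns>\d+)[/ ](?P<nconns>\d+)"
)

# Constructed sample input (192.0.2.0/24 is a documentation address range).
SAMPLE_LOG = """\
May 15 10:01:02 pix520 %PIX-3-201002: Too many connections on xlate 192.0.2.10! 0/38
May 15 10:01:03 pix520 %PIX-3-201002: Too many connections on xlate 192.0.2.10! 0/38
May 15 10:01:09 pix520 %PIX-3-201002: Too many connections on static 192.0.2.25! 10 200
May 15 10:02:00 pix520 %PIX-6-000000: unrelated constructed line
May 15 10:02:41 pix520 %PIX-3-201002: Too many connections on xlate 192.0.2.10! 0/38
"""


def parse_201002(line):
    """Return the fields of one 201002 message, or None for any other line."""
    m = PIX_201002.search(line)
    if m is None:
        return None
    return {
        "kind": m["kind"],             # "static" or "xlate"
        "gaddr": m["gaddr"],           # translated (global) address
        "econns": int(m["econns"]),    # embryonic connection limit
        "nconns": int(m["nconns"]),    # connection limit
    }


def summarize(log_text):
    """Count limit-exceeded events per address, keeping the limits that were logged."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_201002(line)
        if rec is None:
            continue
        entry = summary.setdefault(rec["gaddr"], {**rec, "hits": 0})
        entry.pop("gaddr", None)       # address is already the dictionary key
        entry["hits"] += 1
    return summary


if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for gaddr, e in ranked:
        print(f"{gaddr} ({e['kind']}): {e['hits']} hits, limits {e['econns']}/{e['nconns']}")
```

The addresses with the most hits are the ones whose limits to compare against the show static output mentioned in the Action text.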