Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,
I have an unknown problem with CME/Voice Gateway CDRs when using file accounting method. I have the primary destination an FTP server and the secondary one to write to Flash.
The first issue is an error message I see in the logging as sho...
Hi,
To protect against SYN attacks we have created a global maximum to half open connections. Currently 500 embryonic connections.
It is working pretty fine now. When the maximum count is reached SYSLOG shows the following message:
6Oct 20 201612:1...
Hello
I have a couple of ASA5550 acting as border firewalls as well as a couple of FWSM as inter-vlan firewalls. I am now working on minimizing half-open connections on the ASA by limintimg the number embryonic connections. Now on the FWSM which is...
Hello
We have a 2600 series router using it as an SLT and have SS7 up and running for long time now using Cisco PGW2200.
Recently I started seeing a huge amount of errors both Line Code Violations and Line Path Violations on the SLT causing the SS7 ...
HelloThere seems to be an issue with Collaboration Plus sandbox. First I noticed that I am unable to access PhoneView because there are no attributes listed under the attributes tab. Please see attached snapshot. I also tried RDP option from the hier...
Hi,
Thanks for your input. Well, we do use a host instead of an IP under the gw-accounting file section.
as below:
gw-accounting file
primary ftp cdrserver/CDRCME username xxxxx password 7 xxxxxxxxxxx
secondary ifs flash:CDRCME
maximum buffer-siz...
Hello again,Thanks for responding. Regarding the part you mentioned about loaning a HW VPN router, how does this work and what is the process?Thank you
The impact on the service was very critical, I could wait. So I replaced the router altogether and everything is working well now. Most probably it was a faulty VWIC I suppose.
Hi again,
Great. Let me share with you my goal then.
Lets say I get numerous logs indicating a particular IP is exceeding max embryonic connection. Here is an example log message from the live network:
%ASA-6-201010: Embryonic connection limit excee...
Hello Pulkit,
Thanks. I am a bit confused here about something though.
Aren't embryonic connections already considered illegitimate? Aren't they all half open and therefore sort of categorized as SYN or scan attacks?
So am I stuck with this then? We...
