Resource conns limit of 10000 reached for system.

abccisco2011 · ‎12-29-2015

I have a Cisco ASA 5505 on a remote location. This firewall looses outside connection randomly. I see there is a syslog message ID 321001 ' Resource conns limit of 10000 reached for system'. Can anyone help me out here?

Karsten Iwen · ‎12-29-2015

The 5505 with the Base License has a limit of 10.000 concurrent connections. This limit can be lifted to 25.000 connections by applying the SecurityPlus license. But the question is, if it's worth to invest money on the 5505 which is legacy technology. The successor, the 5506-X supports 20.000 concurrent connections in the Base License and could be a very good replacement for the 5505. The only "problem" could be that the 5506-X doesn't have switchports as the 5505 has. Depending on your setup you would also have to buy an additional switch.

abccisco2011 · ‎03-21-2016

I bought the security plus license which increased the limit to 25000 connections, but I have same issue. Now when I see show conn, it shows me 25001 most used. I think there is some virus on inside PC which keeps increasing the connection. Any way I can pin point the inside IP which is the culprit?

Aditya Ganjoo · ‎03-21-2016

Hi,

Can you share the show connection outputs in an interval of 5 minutes on the ASA ?

We can check the top-talkers in the network and check if they are making legitimate connections.

Regards,

Aditya

Please rate helpful posts.

abccisco2011 · ‎03-24-2016

Aditya,

Please find the logs attached.

Sushant

Karsten Iwen · ‎03-24-2016

An easy way to find a system with a high amount of connections is the following command:

show local-host connection tcp 10000
show local-host connection udp 10000

It will only show the hosts that have at least 10000 tcp/udp-connections.