[c-nsp] ASA 5505 stops servicing inbound connections
Tillinger, Steve
steve.tillinger at sourcemedia.com
Tue Aug 11 14:44:56 EDT 2009
Have you tried "sh local" ? That should tell you if you're hitting the
10 user limit.
# sh loc
Detected interface 'outside' as the Internet interface. Host limit
applies to all other interfaces.
Current host count: 4, towards licensed host limit of: 10
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Meenoo
Shivdasani
Sent: Tuesday, August 11, 2009 2:12 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA 5505 stops servicing inbound connections
The license is a 10-user license, but that's 10 internal hosts, not
external hosts. trap logging was set to informational -- now set to
debug.
7.x rather than 8.x because there was a deadline for installing the
system and that's what it shipped with.
It's not dying because of the logging -- this is the 3rd time it's
done this and logging wasn't set up the first time. It also continues
to log other messages -- it logs that it's sending syslog data to an
internal server and it logs that certain traffic is denied: "Deny tcp
src outside" for example. Shortly before it died, it logged
"%ASA-6-302010: 190 in use, 837 most used" and right after it stopped
handling connections it logged "%ASA-6-302010: 2 in use, 837 most
used" so I don't think that it's a connection limitation.
M
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
"This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution"
More information about the cisco-nsp
mailing list