Cisco Bug: CSCvu17852 - Current connection count is negative on 'show service policy' when connection limit is set in MPF

Last Modified

Sep 17, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(3.2)

Description (partial)

Symptom:
++ The maximum connection limit is set via class-map, and connections are dropped even when the limit is not reached.

++ The service policy shows a negative current connection count, and we see legitimate drops as well:
    Class-map: TCP_conn_limits
      Set connection policy: conn-max 3750 embryonic-conn-max 500 per-client-max 1500 per-client-embryonic-max 500 
        current embryonic conns 0, current conns -666, drop 5

Conditions:
Running ASA image 9.12(2)3 with a TCP connection limit set via class-map.
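
A way to check saved 'show service-policy' output for this symptom, as an added example that is not part of the original bug record or Cisco tooling. It assumes the output layout shown in the symptom above; the function name find_negative_counters and the second sample class are hypothetical.

```python
import re

# First class: output quoted in the bug description above.
# Second class: constructed here as a healthy contrast case.
SAMPLE = """\
    Class-map: TCP_conn_limits
      Set connection policy: conn-max 3750 embryonic-conn-max 500 per-client-max 1500 per-client-embryonic-max 500
        current embryonic conns 0, current conns -666, drop 5
    Class-map: constructed_healthy_class
      Set connection policy: conn-max 1000 embryonic-conn-max 100
        current embryonic conns 2, current conns 40, drop 0
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s*(\S+)")
# Lookbehind keeps this from matching inside "embryonic-conn-max".
CONN_MAX_RE = re.compile(r"(?<![\w-])conn-max\s+(\d+)")
COUNT_RE = re.compile(
    r"current embryonic conns\s+(-?\d+),\s*current conns\s+(-?\d+),\s*drop\s+(\d+)"
)


def find_negative_counters(text):
    """Return one record per class whose live connection counters are negative."""
    hits = []
    name, conn_max = None, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:  # a new class starts: forget the previous class's limit
            name, conn_max = m.group(1), None
            continue
        m = CONN_MAX_RE.search(line)
        if m and "Set connection policy:" in line:
            conn_max = int(m.group(1))
            continue
        m = COUNT_RE.search(line)
        if m and name is not None:
            embryonic, conns, drops = map(int, m.groups())
            # A live counter can never legitimately be below zero.
            if embryonic < 0 or conns < 0:
                hits.append({"class": name, "conn_max": conn_max,
                             "embryonic": embryonic, "conns": conns,
                             "drops": drops})
    return hits


if __name__ == "__main__":
    for hit in find_negative_counters(SAMPLE):
        print(hit)
```

The drop counter is cumulative, so it is reported alongside the negative counter rather than treated as an indicator by itself.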