Cisco PIX 500 Series Configuration Manual page 119

Security appliance command line

Chapter 6
Adding and Managing Security Contexts
server SYN queue full, which prevents it from servicing connection requests. When the embryonic
connection threshold of a connection is crossed, the security appliance acts as a proxy for the server and
generates a SYN-ACK response to the client SYN request. When the security appliance receives an ACK
back from the client, it can then authenticate the client and allow the connection to the server.
You can monitor the rate of attacks for individual contexts using the show perfmon command; you can
monitor the amount of resources being used by TCP intercept for individual contexts using the show
resource usage detail command; you can monitor the resources being used by TCP intercept for the
entire system using the show resource usage summary detail command.
The following is sample output from the show perfmon command that shows the rate of TCP intercepts
for a context called admin.
hostname/admin# show perfmon

Context:admin
PERFMON STATS:      Current      Average
Xlates                  0/s          0/s
Connections             0/s          0/s
TCP Conns               0/s          0/s
UDP Conns               0/s          0/s
URL Access              0/s          0/s
URL Server Req          0/s          0/s
WebSns Req              0/s          0/s
TCP Fixup               0/s          0/s
HTTP Fixup              0/s          0/s
FTP Fixup               0/s          0/s
AAA Authen              0/s          0/s
AAA Author              0/s          0/s
AAA Account             0/s          0/s
TCP Intercept      322779/s     322779/s

The following is sample output from the show resource usage detail command that shows the amount
of resources being used by TCP Intercept for individual contexts. (Sample text in italics shows the TCP
intercept information.)

hostname(config)# show resource usage detail
Resource              Current         Peak      Limit        Denied Context
memory                 843732       847288  unlimited             0 admin
chunk:channels             14           15  unlimited             0 admin
chunk:fixup                15           15  unlimited             0 admin
chunk:hole                  1            1  unlimited             0 admin
chunk:ip-users             10           10  unlimited             0 admin
chunk:list-elem            21           21  unlimited             0 admin
chunk:list-hdr              3            4  unlimited             0 admin
chunk:route                 2            2  unlimited             0 admin
chunk:static                1            1  unlimited             0 admin
tcp-intercepts         328787       803610  unlimited             0 admin
np-statics                  3            3  unlimited             0 admin
statics                     1            1  unlimited             0 admin
ace-rules                   1            1  unlimited             0 admin
console-access-rul          2            2  unlimited             0 admin
fixup-rules                14           15  unlimited             0 admin
memory                 959872       960000  unlimited             0 c1
chunk:channels             15           16  unlimited             0 c1
chunk:dbgtrace              1            1  unlimited             0 c1
chunk:fixup                15           15  unlimited             0 c1
chunk:global                1            1  unlimited             0 c1
chunk:hole                  2            2  unlimited             0 c1
chunk:ip-users             10           10  unlimited             0 c1
chunk:udp-ctrl-blk          1            1  unlimited             0 c1
chunk:list-elem            24           24  unlimited             0 c1
chunk:list-hdr              5            6  unlimited             0 c1

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Managing Security Contexts, page 6-21
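
An added example, not part of the Cisco guide: Python code that parses show resource usage detail output and classifies each context by its tcp-intercepts row, so per-context TCP intercept load can be tracked from collected command output. The threshold, the status names, and the c1 and c2 tcp-intercepts rows are assumptions made for illustration.

```python
import re

# Constructed sample in the "show resource usage detail" column layout
# (Resource, Current, Peak, Limit, Denied, Context). The admin rows reuse the
# page's sample values; the c1 and c2 tcp-intercepts rows are invented.
SAMPLE = """\
hostname(config)# show resource usage detail
Resource              Current         Peak      Limit        Denied Context
memory                 843732       847288  unlimited             0 admin
tcp-intercepts         328787       803610  unlimited             0 admin
fixup-rules                14           15  unlimited             0 admin
memory                 959872       960000  unlimited             0 c1
tcp-intercepts             12           40  unlimited             0 c1
tcp-intercepts            150       250000  unlimited             0 c2
"""

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(unlimited|\d+)\s+(\d+)\s+(\S+)$")

def parse_usage(text):
    """Parse data rows into dicts; the prompt and header lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            res, cur, peak, limit, denied, ctx = m.groups()
            rows.append({"resource": res, "current": int(cur), "peak": int(peak),
                         "limit": None if limit == "unlimited" else int(limit),
                         "denied": int(denied), "context": ctx})
    return rows

def intercept_status(rows, threshold):
    """Map each context to 'active', 'past-peak' or 'ok' from its tcp-intercepts row.

    threshold is an operator-chosen count (an assumption, not a Cisco default).
    """
    status = {}
    for r in rows:
        if r["resource"] != "tcp-intercepts":
            continue
        if r["current"] >= threshold:
            status[r["context"]] = "active"      # current usage at or above threshold
        elif r["peak"] >= threshold:
            status[r["context"]] = "past-peak"   # peak reached threshold, current below it
        else:
            status[r["context"]] = "ok"
    return status

if __name__ == "__main__":
    for ctx, state in intercept_status(parse_usage(SAMPLE), 100000).items():
        print(ctx, state)
```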
