khanbabars
Technical User
Scenario
We have a Cisco ASA5540 in production which has around 2700 IPSec tunnels active.
Now when a network outage occurs and the network comes back again, all the external clients try to connect at the same time, which keeps the ASA's CPU usage at 100%, and at some point the ASA does not respond at all and does not even route to the failover/standby site.
Then we have to manually release clients slowly and let them connect to the ASA; once all are connected, everything is fine and CPU usage stays normal.
What can we do in this situation?
1. Shall we implement connection limits/embryonic?
2. Shall we put an additional load balancer and place it somewhere in the middle?
3. Is it a kind of DoS making the service not available?
Let me know if you need more information.
Your suggestions will be appreciated.
Regards