We migrated our old Borderware firewall to a Cisco ASA5520 and noticed the CPU on it is always over 30% and sometimes over 60%/70%. I was wondering if there is anything I can do to improve performance and resolve this issue.
The interfaces look okay and we have about a 15MB internet pipe, so it's not a heavy-usage configuration. It also has 51 3DES Site-to-Site VPN tunnels. I am thinking about enabling the CSC module and starting to scan http/email, but I am not sure if I should go forward with that until I resolve the CPU issue.
Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "disk0:/asa722-k8.bin"
Config file at boot was "startup-config"
catoactive up 5 days 14 hours
failover cluster up 7 days 3 hours
Hardware: ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0 : address is 0019.0665.6964, irq 9
1: Ext: GigabitEthernet0/1 : address is 0019.0665.6965, irq 9
2: Ext: GigabitEthernet0/2 : address is 0019.0665.6966, irq 9
3: Ext: GigabitEthernet0/3 : address is 0019.0665.6967, irq 9
4: Ext: Management0/0 : address is 0019.0665.6968, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license.
Running Activation Key: 0xb9012b61
Configuration register is 0x1
Configuration last modified by sysadmin at 17:18:14.257 PDT Wed Jun 13 2007