08-26-2010 07:27 AM - edited 03-11-2019 11:30 AM
We have a Cisco ASA 5510 security device.
Here recently it seems every day at the same time (between 3 and 4 pm) our internet connection (4 bonded t1's) comes to a crawl. I've looked through the Cisco but haven't been able to find anything useful. I'd like to see what internal clients are accessing what externally and maybe see a bandwidth report for each client. Is this possible? I'd like to track down what is going on at these times. We never had this problem before I implemented the ASA about 4 months ago. I doubt it is the device, I just need to know what is going on and the only way I can think of doing so is running some report from the ASA.
Thanks!
08-26-2010 08:27 AM
well i think a goo dpoint to start would be ask your isp/service provider to give you a stats of traffic around that time
this will give you a good idea about bandwidth utilzation of your T1
try to find out what is happening between 3 to 4 pm in your network, many times there could be scheduled backups happening at fixed times in a day and this traffi cmight be too much and overloading the firewall
check the following during this time
logs - to see if you find something wierd
cpu -see how it fares betwene 3-4 pm when compared to rest of the day
show xlate - again as above
show conn - again as above
and my final answer if you have smartnet - open TAC CASE - we will be more than happy to investigate
08-26-2010 09:04 AM
Hi,
Just to add on here, ASDM has some important graphs which might help you as well.
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/intro.html#wp1044840
As seen, you can see TOP access-list hits, Top USage (including source address, dest address and service). Hope this helps.
Regards,
Prapanch
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: