cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
37079
Views
10
Helpful
28
Replies

Cisco ASA 5520 CPU Usage is ranging 87%- 93%

mparas_04
Level 1
Level 1

Hi,

I know this topic was already discussed before, and I already tried their solution but nothing happened. Bear with me if I'll post this again.

Our company’s Cisco ASA 5520 CPU usage drastically increased up to  93% after installing the antivirus our company purchased.

Upon entering the show commands, which I will post the result later, it shows that the “Dispatch Unit is very high.

I tried to clear the conn of each IP address that has very high bytes, but nothing happened.

I’ll post all the result, and please help me solve this issue. I’m not really familiar with Firewall or security.

INTFW(config)# show proc cpu-usage sorted non-zero

PC         Thread       5Sec     1Min     5Min   Process

081aa324   6bdaf870    81.3%    81.5%    81.4%   Dispatch Unit

08bd08d6   6bda9210     5.7%     5.7%     5.7%   Logger

INTFW(config)# show proc cpu-usage sorted non-zero

PC         Thread       5Sec     1Min     5Min   Process

081aa324   6bdaf870    81.3%    81.5%    81.4%   Dispatch Unit

08bd08d6   6bda9210     5.7%     5.7%     5.7%   Logger

INTFW(config)# show proc cpu-hog

Process:      vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 23, MAXHOG: 5, LASTHOG: 5

LASTHOG At:   11:27:17 PHST Aug 8 2011

PC:           8da1592 (suspend)

Process:      vpnfol_sync/Bulk Sync - Import , NUMHOG: 23, MAXHOG: 5, LASTHOG: 5

LASTHOG At:   11:27:17 PHST Aug 8 2011

PC:           8da1592 (suspend)

Traceback:    8da1c7e  8d9ff8f  8062413

Process:      ssh_init, PROC_PC_TOTAL: 4, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   07:41:20 PHST Aug 18 2011

PC:           806dcd5 (suspend)

Process:      ssh_init, NUMHOG: 4, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   07:41:20 PHST Aug 18 2011

PC:           806dcd5 (suspend)

Traceback:    8b9d3e6  8bab837  8ba024a  8062413

Process:      ssh_init, PROC_PC_TOTAL: 90801, MAXHOG: 5, LASTHOG: 2

LASTHOG At:   04:47:28 PHST Apr 5 2012

PC:           8b9ac8c (suspend)

Process:      ssh_init, NUMHOG: 90801, MAXHOG: 5, LASTHOG: 2

LASTHOG At:   04:47:28 PHST Apr 5 2012

PC:           8b9ac8c (suspend)

Traceback:    8b9ac8c  8ba77ed  8ba573e  8ba58e8  8ba6971  8ba02b4  8062413

Process:      telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   08:43:18 PHST Apr 16 2012

PC:           8870ba5 (suspend)

Process:      telnet/ci, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   08:43:18 PHST Apr 16 2012

PC:           8870ba5 (suspend)

Traceback:    8870ba5  9298bf1  92789fe  9279191  80ca7e7  80cacbb  80c14b5

               80c1c5f  80c2da6  80c3850  8062413

Process:      Unicorn Proxy Thread, PROC_PC_TOTAL: 5, MAXHOG: 3, LASTHOG: 2

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c0e8e5 (suspend)

Process:      Unicorn Proxy Thread, NUMHOG: 5, MAXHOG: 3, LASTHOG: 2

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c0e8e5 (suspend)

Traceback:    8c0e8e5  8c23428  8c24561  8cff99d  8cfdb0c  8cf9f81  8cf9ef5

               8cfa9b0  8cec6c9  8cebf7b  8cec22c  8ce5e2f  8d00cfb  8d01d67

Process:      Unicorn Proxy Thread, PROC_PC_TOTAL: 12, MAXHOG: 5, LASTHOG: 4

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c2bb4d (suspend)

Process:      Unicorn Proxy Thread, NUMHOG: 12, MAXHOG: 5, LASTHOG: 4

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c2bb4d (suspend)

Traceback:    8c2bb4d  8c0ef7a  8c11576  8c11625  8c12748  8c140f8  8c0f074

               8c23bae  8f2f1f1  8062413

Process:      vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 488, MAXHOG: 100, LASTHOG: 2

LASTHOG At:   02:44:29 PHST May 6 2012

PC:           80635a5 (suspend)

Process:      ssh_init, NUMHOG: 461, MAXHOG: 3, LASTHOG: 2

LASTHOG At:   02:44:29 PHST May 6 2012

PC:           80635a5 (suspend)

Traceback:    80635a5  8133d0b  9224474  923d3c8  9239045  9238e95  9226f50

               92263d8  92158bf  920530c  922564a  92254c1  9214606  92050bc

Process:      telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 5, LASTHOG: 5

LASTHOG At:   17:46:33 PHST May 9 2012

PC:           8beab4b (suspend)

Process:      telnet/ci, NUMHOG: 1, MAXHOG: 5, LASTHOG: 5

LASTHOG At:   17:46:33 PHST May 9 2012

PC:           8beab4b (suspend)

Traceback:    8beb37e  8bf5961  8870405  92861be  80cf185  80c2c3f  80c3850

               8062413

Process:      snmp, PROC_PC_TOTAL: 65, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   07:51:40 PHST May 10 2012

PC:           8b37300 (suspend)

Process:      snmp, NUMHOG: 65, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   07:51:40 PHST May 10 2012

PC:           8b37300 (suspend)

Traceback:    8b37300  8b35d27  8b32e39  8b358c8  8b10b5e  8b0f7bc  8062413

Process:      ssh_init, PROC_PC_TOTAL: 43490, MAXHOG: 4, LASTHOG: 2

LASTHOG At:   08:03:59 PHST May 10 2012

PC:           83cf301 (suspend)

Process:      ssh_init, NUMHOG: 43490, MAXHOG: 4, LASTHOG: 2

LASTHOG At:   08:03:59 PHST May 10 2012

PC:           83cf301 (suspend)

Traceback:    83cfb25  83c9883  812ea45  89e51b2  89b8dda  8ba0e44  8ba0278

               8062413

Process:      Dispatch Unit, PROC_PC_TOTAL: 50959, MAXHOG: 46, LASTHOG: 2

LASTHOG At:   08:16:30 PHST May 10 2012

PC:           81aa324 (suspend)

Process:      Dispatch Unit, NUMHOG: 50959, MAXHOG: 46, LASTHOG: 2

LASTHOG At:   08:16:30 PHST May 10 2012

PC:           81aa324 (suspend)

Traceback:    81aa324  8062413

Process:      Dispatch Unit, PROC_PC_TOTAL: 4912632, MAXHOG: 1010, LASTHOG: 3

LASTHOG At:   08:16:40 PHST May 10 2012

PC:           81aa50f (suspend)

Process:      Dispatch Unit, NUMHOG: 4502524, MAXHOG: 1010, LASTHOG: 3

LASTHOG At:   08:16:40 PHST May 10 2012

PC:           81aa50f (suspend)

Traceback:    81aa50f  8062413

Process:      snmp, PROC_PC_TOTAL: 85863, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   08:16:40 PHST May 10 2012

PC:           8c09598 (suspend)

Process:      snmp, NUMHOG: 85863, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   08:16:40 PHST May 10 2012

PC:           8c09598 (suspend)

Traceback:    8b300cd  8b1086d  8b0f7bc  8062413

Process:      snmp, PROC_PC_TOTAL: 43522, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   08:16:40 PHST May 10 2012

PC:           8b3709e (suspend)

Process:      snmp, NUMHOG: 43522, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   08:16:40 PHST May 10 2012

PC:           8b3709e (suspend)

Traceback:    8b3709e  8b35dcb  8b32e39  8b358c8  8b10b5e  8b0f7bc  8062413

Process:      Dispatch Unit, NUMHOG: 14404267, MAXHOG: 1012, LASTHOG: 3

LASTHOG At:   08:17:07 PHST May 10 2012

PC:           81aa5f9 (suspend)

Traceback:    81aa5f9  8062413

Process:      Dispatch Unit, PROC_PC_TOTAL: 20260397, MAXHOG: 1012, LASTHOG: 3

LASTHOG At:   08:17:08 PHST May 10 2012

PC:           81aa5f9 (suspend)

CPU hog threshold (msec):  2.844

Last cleared: None

INTFW(config)# show int | in error

        1762 input errors, 0 CRC, 0 frame, 1762 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        38632851 input errors, 0 CRC, 0 frame, 38632851 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 7 interface resets

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

        1 input errors, 0 CRC, 0 frame, 1 overrun, 0 ignored, 0 abort

        0 output errors, 0 collisions, 0 interface resets

INTFW(config)# show int

Interface GigabitEthernet0/0 "outside", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff4, MTU 1500

        IP address x.x.x.6, subnet mask 255.255.255.248

        30015960429 packets input, 26267024403964 bytes, 0 no buffer

        Received 9057 broadcasts, 0 runts, 0 giants

        1762 input errors, 0 CRC, 0 frame, 1762 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        199746407478 packets output, 25119852006560 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/24)

  Traffic Statistics for "outside":

        30002303388 packets input, 25691387461881 bytes

        199746407478 packets output, 21463867385699 bytes

        629259354 packets dropped

      1 minute input rate 1754 pkts/sec,  1668152 bytes/sec

      1 minute output rate 11769 pkts/sec,  944305 bytes/sec

      1 minute drop rate, 20 pkts/sec

      5 minute input rate 1646 pkts/sec,  1415643 bytes/sec

      5 minute output rate 11907 pkts/sec,  1263071 bytes/sec

      5 minute drop rate, 19 pkts/sec

Interface GigabitEthernet0/1 "inside", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff5, MTU 1500

        IP address x.x.x.9, subnet mask 255.255.255.248

        197887766666 packets input, 24998369433168 bytes, 0 no buffer

        Received 278288 broadcasts, 0 runts, 0 giants

        38632921 input errors, 0 CRC, 0 frame, 38632921 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        29089991932 packets output, 26007238507372 bytes, 79 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/0)

  Traffic Statistics for "inside":

        197875091433 packets input, 21381545513997 bytes

        29089992011 packets output, 25452507365233 bytes

        47959890 packets dropped

      1 minute input rate 11609 pkts/sec,  926890 bytes/sec

      1 minute output rate 1731 pkts/sec,  1703914 bytes/sec

      1 minute drop rate, 3 pkts/sec

      5 minute input rate 11612 pkts/sec,  988624 bytes/sec

      5 minute output rate 1615 pkts/

INTFW(config)# show conn

----partial result of show conn. Some of the results have an higher bytes but I think this will be enough.

158026 in use, 165954 most used

TCP outside x.x.x.138:1522 inside x.x.x.106:3609, idle 0:00:24, bytes 1231922, flags UIO

TCP outside x.x.x.138:1522 inside x.x.x.106:4583, idle 0:00:05, bytes 108207477, flags UIO

INTFW(config)# show traffic

folink:

        received (in 1922566.370 secs):

                62152861 packets        4669911582 bytes

                1 pkts/sec      2000 bytes/sec

        transmitted (in 1922566.370 secs):

                1215835634 packets      1396053558570 bytes

                0 pkts/sec      726002 bytes/sec

      1 minute input rate 1 pkts/sec,  117 bytes/sec

      1 minute output rate 55 pkts/sec,  65230 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  117 bytes/sec

      5 minute output rate 51 pkts/sec,  59983 bytes/sec

      5 minute drop rate, 0 pkts/sec

outside:

        received (in 1922872.370 secs):

                30003574779 packets     25692551618468 bytes

                15000 pkts/sec  13361000 bytes/sec

        transmitted (in 1922872.370 secs):

                199756000629 packets    21464645138678 bytes

                103001 pkts/sec 11162000 bytes/sec

      1 minute input rate 1496 pkts/sec,  1370318 bytes/sec

      1 minute output rate 11724 pkts/sec,  1001443 bytes/sec

      1 minute drop rate, 23 pkts/sec

      5 minute input rate 1518 pkts/sec,  1369006 bytes/sec

      5 minute output rate 11644 pkts/sec,  992991 bytes/sec

      5 minute drop rate, 25 pkts/sec

inside:

        received (in 1922876.630 secs):

                197884596127 packets    21382322027279 bytes

                102001 pkts/sec 11119000 bytes/sec

        transmitted (in 1922876.630 secs):

                29091209527 packets     25453660568576 bytes

                15001 pkts/sec  13237000 bytes/sec

      1 minute input rate 11607 pkts/sec,  996877 bytes/sec

      1 minute output rate 1476 pkts/sec,  1352799 bytes/sec

      1 minute drop rate, 14 pkts/sec

      5 minute input rate 11487 pkts/sec,  986769 bytes/sec

      5 minute output rate 1453 pkts/sec,  1345452 bytes/sec

      5 minute drop rate, 5 pkts/sec

Thanks,

Mark

28 Replies 28

Maykol Rojas
Cisco Employee
Cisco Employee

Hi Mark,

I guess I was the one who got to the bottom of the other case. Let me help you out with this one. I may need some other outputs like the following:

show service-policy

sh local-host (this one is very large), what I am trying to find out with this one is the Embryonic amount of connections that the device is receiving.

For the 2 connections you are hightling they seem to be normal as they belong to SQL connections.

Mike

Mike

Hi Mike,

Thanks for the reply. I even sent you a private message regarding with this one.

Here are the information needed. Not sure about the embryonic amount, let me know if

what I sent is incorrect.

INTFW# show service-policy

Global policy:

   Service-policy: global_policy

     Class-map: inspection_default

       Inspect: dns preset_dns_map, packet 523484182, drop 1859534, reset-drop 0

       Inspect: ftp, packet 126584724, drop 5747, reset-drop 260

       Inspect: h323 h225 _default_h323_map, packet 33293, drop 0, reset-drop 0

                tcp-proxy: bytes in buffer 0, bytes dropped 73593

       Inspect: h323 ras _default_h323_map, packet 3924, drop 3072, reset-drop 0

       Inspect: rsh, packet 26083, drop 0, reset-drop 0

       Inspect: rtsp, packet 33584177, drop 0, reset-drop 0

                tcp-proxy: bytes in buffer 0, bytes dropped 376972

       Inspect: esmtp _default_esmtp_map, packet 199361835, drop 80131, reset-drop 0

       Inspect: skinny , packet 3373, drop 0, reset-drop 0

                tcp-proxy: bytes in buffer 0, bytes dropped 88997

       Inspect: sunrpc, packet 8558, drop 1, reset-drop 10

                tcp-proxy: bytes in buffer 0, bytes dropped 28

       Inspect: xdmcp, packet 554, drop 41, reset-drop 0

       Inspect: sip , packet 651549, drop 5, reset-drop 0

                tcp-proxy: bytes in buffer 0, bytes dropped 3169

       Inspect: netbios, packet 83649497, drop 0, reset-drop 0

       Inspect: tftp, packet 369, drop 0, reset-drop 0

     Class-map: global-class

       IPS: card status Unresponsive, mode inline fail-open, sensor vs0

         packet input 197451550328, packet output 197459152624, drop 3901726, reset-drop 395164

INTFW# show local-host

Interface inside: 670 active, 882 maximum active, 0 denied

local host: ,

    TCP flow count/limit = 9/unlimited

    TCP embryonic count to host = 0

    TCP intercept watermark = unlimited

    UDP flow count/limit = 2/unlimited

  Conn:

    TCP outside x.x.x.37:80 inside x.x.x.13:56634, idle 0:00:19, bytes 1539, flags UIO

    TCP outside 220.73.140.37:80 inside x.x.x.13:56633, idle 0:00:19, bytes 3162, flags UIO

    TCP outside 220.73.140.37:80 inside x.x.x.13:56632, idle 0:00:19, bytes 3089, flags UIO

    TCP outside 220.73.140.37:80 inside x.x.x.13:56631, idle 0:00:19, bytes 6446, flags UIO

    TCP outside 10.20.2.61:80 inside x.x.x.13:56630, idle 0:03:31, bytes 5856, flags UFRIO

    UDP outside 180.68.204.199:5005 inside x.x.x.13:61775, idle 0:00:01, bytes 24640, flags -

    TCP outside 180.68.204.199:554 inside x.x.x.13:56437, idle 0:00:00, bytes 34392, flags UIO

    TCP outside 220.73.163.212:554 inside x.x.x.13:56423, idle 0:00:54, bytes 2372747, flags UIO

    TCP outside 10.20.1.31:12571 inside x.x.x.13:51540, idle 0:00:00, bytes 247756, flags UIO

    TCP outside 10.20.2.41:80 inside x.x.x.13:49846, idle 0:00:49, bytes 321266, flags UIO

    UDP outside 180.68.204.199:5004 inside x.x.x.13:61776, idle 0:00:00, bytes 128849882, flags -

local host: <12.230.220.182>,

    TCP flow count/limit = 10/unlimited

    TCP embryonic count to host = 0

    TCP intercept watermark = unlimited

    UDP flow count/limit = 0/unlimited

Thanks,

Mark

Hi Mark,

Yeah, I saw it I answered that one as well, lets do the following and track this down. Would you please do a clear service-policy and then do show service-policy one more time (After clearing it, wait for 2 or 3 minutes and grab the show service-policy again)

Mike

Mike

Hi Mike,

Thanks, here  is the result after clearing the service-policy.

INTFW(config)# show service-policy

Global policy:

  Service-policy: global_policy

    Class-map: inspection_default

      Inspect: dns preset_dns_map, packet 4755, drop 29, reset-drop 0

      Inspect: ftp, packet 4594, drop 0, reset-drop 0

      Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0

      Inspect: rsh, packet 0, drop 0, reset-drop 0

      Inspect: rtsp, packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: esmtp _default_esmtp_map, packet 928, drop 0, reset-drop 0

      Inspect: skinny , packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: sunrpc, packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: xdmcp, packet 0, drop 0, reset-drop 0

      Inspect: sip , packet 0, drop 0, reset-drop 0

               tcp-proxy: bytes in buffer 0, bytes dropped 0

      Inspect: netbios, packet 551, drop 0, reset-drop 0

      Inspect: tftp, packet 0, drop 0, reset-drop 0

    Class-map: global-class

      IPS: card status Unresponsive, mode inline fail-open, sensor vs0

        packet input 0, packet output 0, drop 0, reset-drop 0

Thanks,

Mark

Hi Mark,

Did you wait for a couple of minutes? It doesnt seem an inspection issue. Can you do clear traffic/Interface, wait for a couple of minutes and then do another show traffic/interface? (Make sure that the CPU is above 85 when you do the tests)

Mike.

Mike

Also,

Please do the following:

Capture inside interface inside

Once you complete the capture, do a "show cap inside" see if a single host is showing there. The amount of errors on the insider interface is something to be worried about.

Interface GigabitEthernet0/1 "inside", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff5, MTU 1500

        IP address x.x.x.9, subnet mask 255.255.255.248

        197887766666 packets input, 24998369433168 bytes, 0 no buffer

        Received 278288 broadcasts, 0 runts, 0 giants

        38632921 input errors, 0 CRC, 0 frame, 38632921 overrun, 0 ignored, 0 abo

Mike

Mike

Hi Mike,

Yes I waited for more than 5 mins. Here are the information needed, I waited for 10 mins after I cleared the traffic & interface. And also I included the proc cpu-usage to make sure the CPU is above 85%. The result is quite large but I post the whole information anyway.

INTFW(config)#  show proc cpu-usage sorted non-zero

PC         Thread       5Sec     1Min     5Min   Process

081aa324   6bdaf870    80.7%    80.7%    80.5%   Dispatch Unit

08bd08d6   6bda9210     5.7%     5.7%     5.7%   Logger

0929b50a   6bdaa9b0     0.1%     0.0%     0.0%   Checkheaps

INTFW(config)# show traffic

folink:

        received (in 747.770 secs):

                 1186 packets    88420 bytes

                 1 pkts/sec      118 bytes/sec

         transmitted (in 747.770 secs):

                 42724 packets   50250540 bytes

                 57 pkts/sec     67200 bytes/sec

       1 minute input rate 1 pkts/sec,  118 bytes/sec

       1 minute output rate 49 pkts/sec,  58022 bytes/sec

       1 minute drop rate, 0 pkts/sec

       5 minute input rate 1 pkts/sec,  117 bytes/sec

       5 minute output rate 58 pkts/sec,  69427 bytes/sec

       5 minute drop rate, 0 pkts/sec

outside:

         received (in 747.770 secs):

                1145778 packets 991636628 bytes

                 1532 pkts/sec   1326125 bytes/sec

         transmitted (in 747.770 secs):

                 8754737 packets 938872744 bytes

                11707 pkts/sec  1255563 bytes/sec

       1 minute input rate 1563 pkts/sec,  1266067 bytes/sec

       1 minute output rate 11699 pkts/sec,  1432560 bytes/sec

       1 minute drop rate, 27 pkts/sec

       5 minute input rate 1481 pkts/sec,  1292937 bytes/sec

       5 minute output rate 11642 pkts/sec,  1201762 bytes/sec

       5 minute drop rate, 27 pkts/sec

inside:

         received (in 749.920 secs):

                 8694743 packets 937999985 bytes

                11594 pkts/sec  1250800 bytes/sec

         transmitted (in 749.920 secs):

                 1115172 packets 982631039 bytes

                 1487 pkts/sec   1310314 bytes/sec

       1 minute input rate 11621 pkts/sec,  1429216 bytes/sec

       1 minute output rate 1526 pkts/sec,  1256246 bytes/sec

       1 minute drop rate, 2 pkts/sec

       5 minute input rate 11543 pkts/sec,  1197691 bytes/sec

       5 minute output rate 1448 pkts/sec,  1282070 bytes/sec

       5 minute drop rate, 2 pkts/sec

dmz:

         received (in 749.920 secs):

                 1016 packets    61624 bytes

                 1 pkts/sec      82 bytes/sec

         transmitted (in 749.920 secs):

                 1092 packets    66512 bytes

                 1 pkts/sec      88 bytes/sec

       1 minute input rate 5 pkts/sec,  358 bytes/sec

       1 minute output rate 5 pkts/sec,  365 bytes/sec

       1 minute drop rate, 0 pkts/sec

       5 minute input rate 0 pkts/sec,  37 bytes/sec

       5 minute output rate 1 pkts/sec,  43 bytes/sec

       5 minute drop rate, 0 pkts/sec

   ----------------------------------------

Aggregated Traffic on Physical Interface

----------------------------------------

GigabitEthernet0/0:

         received (in 750.670 secs):

                 1148372 packets 1015189440 bytes

                 1529 pkts/sec   1352377 bytes/sec

         transmitted (in 750.670 secs):

                 8787467 packets 1103440157 bytes

                 11706 pkts/sec  1469940 bytes/sec

       1 minute input rate 1563 pkts/sec,  1295849 bytes/sec

       1 minute output rate 11699 pkts/sec,  1646462 bytes/sec

       1 minute drop rate, 0 pkts/sec

       5 minute input rate 1482 pkts/sec,  1320981 bytes/sec

       5 minute output rate 11642 pkts/sec,  1414888 bytes/sec

       5 minute drop rate, 0 pkts/sec

GigabitEthernet0/1:

         received (in 750.670 secs):

                 8703391 packets 1097968273 bytes

                 11594 pkts/sec  1462651 bytes/sec

         transmitted (in 750.670 secs):

                 1115916 packets 1004257690 bytes

                 1486 pkts/sec   1337815 bytes/sec

       1 minute input rate 11621 pkts/sec,  1641334 bytes/sec

       1 minute output rate 1526 pkts/sec,  1285324 bytes/sec

       1 minute drop rate, 0 pkts/sec

       5 minute input rate 11543 pkts/sec,  1408490 bytes/sec

       5 minute output rate 1448 pkts/sec,  1309465 bytes/sec

       5 minute drop rate, 0 pkts/sec

GigabitEthernet0/2:

        received (in 751.330 secs):

                1016 packets    83158 bytes

                1 pkts/sec      110 bytes/sec

        transmitted (in 751.330 secs):

                1093 packets    89526 bytes

                1 pkts/sec      119 bytes/sec

      1 minute input rate 5 pkts/sec,  460 bytes/sec

      1 minute output rate 5 pkts/sec,  469 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  62 bytes/sec

      5 minute output rate 1 pkts/sec,  71 bytes/sec

      5 minute drop rate, 0 pkts/sec

GigabitEthernet0/3:

        received (in 751.330 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 751.330 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Control0/0:

        received (in 752.000 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 752.000 secs):

                2350 packets    163298 bytes

                3 pkts/sec      217 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 3 pkts/sec,  217 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 3 pkts/sec,  217 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Data0/0:

        received (in 752.000 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 752.000 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Management0/0:

        received (in 752.540 secs):

                1193 packets    105648 bytes

                1 pkts/sec      140 bytes/sec

        transmitted (in 752.540 secs):

                42939 packets   51105472 bytes

               57 pkts/sec     67910 bytes/sec

      1 minute input rate 1 pkts/sec,  140 bytes/sec

      1 minute output rate 49 pkts/sec,  58717 bytes/sec

     1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  139 bytes/sec

      5 minute output rate 58 pkts/sec,  70253 bytes/sec

      5 minute drop rate, 0 pkts/sec


INTFW(config)# show interface

Interface GigabitEthernet0/0 "outside", is up, line protocol is up

Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff4, MTU 1500

        IP address x.x.x.6, subnet mask 255.255.255.248

        1243867 packets input, 1097864112 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        9513399 packets output, 1198008338 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/0)

  Traffic Statistics for "outside":

        1243866 packets input, 1074333879 bytes

        9513399 packets output, 1023795694 bytes

        24234 packets dropped

      1 minute input rate 1305 pkts/sec,  1069070 bytes/sec

      1 minute output rate 11463 pkts/sec,  1252114 bytes/sec

      1 minute drop rate, 22 pkts/sec

      5 minute input rate 1481 pkts/sec,  1292937 bytes/sec

      5 minute output rate 11642 pkts/sec,  1201762 bytes/sec

      5 minute drop rate, 27 pkts/sec

Interface GigabitEthernet0/1 "inside", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff5, MTU 1500

        IP address x.x.x.9, subnet mask 255.255.255.248

        9423492 packets input, 1192203893 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        1209991 packets output, 1086417436 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/0)

  Traffic Statistics for "inside":

        9423446 packets input, 1020077321 bytes

        1209991 packets output, 1063530712 bytes

        2313 packets dropped

      1 minute input rate 11409 pkts/sec,  1250005 bytes/sec

      1 minute output rate 1280 pkts/sec,  1058571 bytes/sec

      1 minute drop rate, 2 pkts/sec

      5 minute input rate 11543 pkts/sec,  1197691 bytes/sec

      5 minute output rate 1448 pkts/sec,  1282070 bytes/sec

      5 minute drop rate, 2 pkts/sec

Interface GigabitEthernet0/2 "dmz", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff6, MTU 1500

        IP address x.x.x.17, subnet mask 255.255.255.248

        1239 packets input, 99144 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        1323 packets output, 106072 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/136)

  Traffic Statistics for "dmz":

        1239 packets input, 71724 bytes

        1323 packets output, 77092 bytes

        0 packets dropped

      1 minute input rate 1 pkts/sec,  117 bytes/sec

      1 minute output rate 2 pkts/sec,  125 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  37 bytes/sec

      5 minute output rate 1 pkts/sec,  43 bytes/sec

      5 minute drop rate, 0 pkts/sec

Interface GigabitEthernet0/3 "", is administratively down, line protocol is down

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address d0d0.fd3f.0ff7, MTU not set

        IP address unassigned

        0 packets input, 0 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 packets output, 0 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/255)

        output queue (blocks free curr/low): hardware (255/255)

Interface Management0/0 "folink", is up, line protocol is up

  Hardware is i82557, BW 100 Mbps, DLY 100 usec

        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

        Description: LAN/STATE Failover Interface

        MAC address d0d0.fd3f.0ff3, MTU 1500

        IP address x.x.x.1, subnet mask 255.255.255.0

        1292 packets input, 114396 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        46293 packets output, 55107556 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        input queue (curr/max packets): hardware (0/1) software (0/2)

        output queue (curr/max packets): hardware (0/14) software (0/1)

  Traffic Statistics for "folink":

        1292 packets input, 96308 bytes

        46293 packets output, 54459454 bytes

       0 packets dropped

       1 minute input rate 1 pkts/sec,  117 bytes/sec

      1 minute output rate 46 pkts/sec,  54715 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  117 bytes/sec

      5 minute output rate 58 pkts/sec,  69427 bytes/sec

      5 minute drop rate, 0 pkts/sec

About the show cap inside, the result is huge,but here is partial the result:

INTFW(config)# capture inside interface inside

INTFW(config)# show capture inside

1861 packets captured

   1: 08:37:39.019209 x.x.x.61.110 > x.x.x.20.49957: . 472732794:472734074(1280) ack 1268278275 win 46

    2: 08:37:39.019240 x.x.x.66.1521 > x.x.x.11.39866: P 729052152:729052783(631) ack 1465609040 win 32768

    3: 08:37:39.019255 x.x.x.61.110 > x.x.x.20.49957: . 472734074:472735354(1280) ack 1268278275 win 46

    4: 08:37:39.019270 x.x.x.20.49957 > x.x.x.61.110: . ack 472839034 win 65340

    5: 08:37:39.019286 x.x.x.183.4268 x.x.x.62.445: S 3250706787:3250706787(0) win 65535

   6: 08:37:39.019316 x.x.x.183.4269 > x.x.x.23.445: S 4159126031:4159126031(0) win 65535

   7: 08:37:39.019331 x.x.x .171.3941 x.x.x.51.445: S 1553740699:1553740699(0) win 65535

   8: 08:37:39.019469 x.x.x.49.2424 > x.x.x.100.445: S 2283719153:2283719153(0) win 65535

   9: 08:37:39.019606 x.x.x.177.4408 > x.x.x.71.445: S 3376639730:3376639730(0) win 65535

  10: 08:37:39.019637 x.x.x.177.4407 x.x.x.52.445: S 3066399355:3066399355(0) win 65535

  11: 08:37:39.019652 x.x.x.84.4075 > x.x.x.118.445: S 1447481176:1447481176(0) win 65535

  12: 08:37:39.019667 x.x.x.84.4078 > x.x.x.19.445: S 3779456741:3779456741(0) win 65535

  13: 08:37:39.019682 x.x.x.84.4081 x.x.x.91.445: S 4014525488:4014525488(0) win 65535

  14: 08:37:39.019698 x.x.x.84.4082 x.x.x.117.445: S 320204595:320204595(0) win 65535

  15: 08:37:39.019698 x.x.x.84.4083 > x.x.x.49.445: S 1669588661:1669588661(0) win 65535

  16: 08:37:39.019713 x.x.x.84.4084 x.x.x.117.445: S 3680195247:3680195247(0) win 65535

  17: 08:37:39.019728 x.x.x.84.4085 x.x.x.105.445: S 4046587513:4046587513(0) win 65535

  18: 08:37:39.019743 x.x.x.84.4088 > x.x.x.83.445: S 501999771:501999771(0) win 65535

  19: 08:37:39.019743 x.x.x.84.4089 > x.x.x.115.445: S 247404973:247404973(0) win 65535

  20: 08:37:39.019759 x.x.x.84.4090 > x.x.x.445: S 2900777504:2900777504(0) win 65535

  21: 08:37:39.019774 x.x.x.84.4091 > x.x.x.72.445: S 2976605973:2976605973(0) win 65535

  22: 08:37:39.019789 x.x.x.4706 > x.x.x.47.445: S 3673016963:3673016963(0) win 65535

  23: 08:37:39.019911 x.x.x.62.4695 x.x.x.23.445: S 1247732881:1247732881(0) win 65535

  24: 08:37:39.020033 x.x.x.239.4213 > x.x.x.33.445: S 4000077130:4000077130(0) win 65535

  25: 08:37:39.020155 x.x.x.70.2107 x.x.x.118.445: S 3435131153:3435131153(0) win 65535

  26: 08:37:39.020277 x.x.x.93.1832 x.x.x.32.445: S 609793484:609793484(0) win 65535

  27: 08:37:39.020399 x.x.x.126.2470 x.x.x.94.445: S 3058158037:3058158037(0) win 65535

  28: 08:37:39.020522 x.x.x.70.2108 x.x.x.63.445: S 3611138674:3611138674(0) win 65535

  29: 08:37:39.020796 x.x.x 61.110 > x.x.x.20.49957: . 472735354:472736634(1280) ack 1268278275 win 46

  30: 08:37:39.020811 x.x.x.66.1521 > x.x.x.11.39866: P 729052783:729054163(1380) ack 1465609040 win 32768

Hope this could help

Thanks,

Mark

Hi Mike,

After I sent you the information above, the CPU usage suddenly increased from 86% to 95%. It really worries me.

Thanks,
Mark

here's the result of show interface/traffice while the usage is 95%.

folink:

        received (in 4239.570 secs):

                6717 packets    500710 bytes

                1 pkts/sec      118 bytes/sec

        transmitted (in 4239.570 secs):

                228659 packets  268674466 bytes

                53 pkts/sec     63373 bytes/sec

      1 minute input rate 1 pkts/sec,  116 bytes/sec

      1 minute output rate 59 pkts/sec,  69824 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  118 bytes/sec

      5 minute output rate 56 pkts/sec,  66114 bytes/sec

      5 minute drop rate, 0 pkts/sec

outside:

        received (in 4239.570 secs):

                6037913 packets 5176235403 bytes

                1424 pkts/sec   1220934 bytes/sec

        transmitted (in 4239.570 secs):

                49016207 packets        4991253698 bytes

                11561 pkts/sec  1177301 bytes/sec

      1 minute input rate 1337 pkts/sec,  1233748 bytes/sec

      1 minute output rate 11413 pkts/sec,  871624 bytes/sec

      1 minute drop rate, 31 pkts/sec

      5 minute input rate 1255 pkts/sec,  1077565 bytes/sec

      5 minute output rate 11387 pkts/sec,  912641 bytes/sec

      5 minute drop rate, 32 pkts/sec

inside:

        received (in 4240.570 secs):

                48582307 packets        4975073589 bytes

                11456 pkts/sec  1173208 bytes/sec

        transmitted (in 4240.570 secs):

                5876344 packets 5122454084 bytes

                1385 pkts/sec   1207963 bytes/sec

      1 minute input rate 11324 pkts/sec,  868583 bytes/sec

      1 minute output rate 1309 pkts/sec,  1221962 bytes/sec

      1 minute drop rate, 2 pkts/sec

      5 minute input rate 11302 pkts/sec,  910108 bytes/sec

      5 minute output rate 1219 pkts/sec,  1065426 bytes/sec

      5 minute drop rate, 3 pkts/sec

dmz:

        received (in 4240.580 secs):

                8713 packets    488304 bytes

                2 pkts/sec      115 bytes/sec

        transmitted (in 4240.580 secs):

                9145 packets    515852 bytes

                2 pkts/sec      121 bytes/sec

      1 minute input rate 3 pkts/sec,  246 bytes/sec

      1 minute output rate 3 pkts/sec,  254 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  98 bytes/sec

      5 minute output rate 2 pkts/sec,  104 bytes/sec

      5 minute drop rate, 0 pkts/sec

----------------------------------------

Aggregated Traffic on Physical Interface

----------------------------------------

GigabitEthernet0/0:

        received (in 4240.750 secs):

                6038921 packets 5291388067 bytes

                1424 pkts/sec   1247748 bytes/sec

        transmitted (in 4240.750 secs):

                49029378 packets        5890308249 bytes

                11561 pkts/sec  1388977 bytes/sec

      1 minute input rate 1337 pkts/sec,  1259044 bytes/sec

      1 minute output rate 11413 pkts/sec,  1080710 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1255 pkts/sec,  1101447 bytes/sec

      5 minute output rate 11387 pkts/sec,  1120950 bytes/sec

      5 minute drop rate, 0 pkts/sec

GigabitEthernet0/1:

        received (in 4240.970 secs):

                48586963 packets        5863132435 bytes

                11456 pkts/sec  1382497 bytes/sec

        transmitted (in 4240.970 secs):

                5876726 packets 5234080445 bytes

                1385 pkts/sec   1234170 bytes/sec

      1 minute input rate 11324 pkts/sec,  1075531 bytes/sec

      1 minute output rate 1309 pkts/sec,  1246617 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 11302 pkts/sec,  1116430 bytes/sec

      5 minute output rate 1219 pkts/sec,  1088789 bytes/sec

      5 minute drop rate, 0 pkts/sec

GigabitEthernet0/2:

        received (in 4241.020 secs):

                8713 packets    685074 bytes

                2 pkts/sec      161 bytes/sec

        transmitted (in 4241.020 secs):

                9145 packets    720740 bytes

                2 pkts/sec      169 bytes/sec

      1 minute input rate 3 pkts/sec,  325 bytes/sec

      1 minute output rate 3 pkts/sec,  335 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  147 bytes/sec

      5 minute output rate 2 pkts/sec,  155 bytes/sec

      5 minute drop rate, 0 pkts/sec

GigabitEthernet0/3:

        received (in 4241.030 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 4241.030 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Control0/0:

        received (in 4241.250 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 4241.250 secs):

                13332 packets   921244 bytes

                3 pkts/sec      217 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 3 pkts/sec,  217 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 3 pkts/sec,  217 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Data0/0:

        received (in 4241.260 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 4241.260 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Management0/0:

        received (in 4241.470 secs):

                6721 packets    595108 bytes

                1 pkts/sec      140 bytes/sec

        transmitted (in 4241.470 secs):

                228768 packets  271999784 bytes

                53 pkts/sec     64128 bytes/sec

      1 minute input rate 1 pkts/sec,  138 bytes/sec

      1 minute output rate 59 pkts/sec,  70654 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  140 bytes/sec

      5 minute output rate 56 pkts/sec,  66900 bytes/sec

      5 minute drop rate, 0 pkts/sec

INTFW#INTFW#   show interface

Interface GigabitEthernet0/0 "outside", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff4, MTU 1500

        IP address x.x.x.6, subnet mask 255.255.255.248

        6074570 packets input, 5320402892 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        49384576 packets output, 5928936804 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/0)

  Traffic Statistics for "outside":

        6074552 packets input, 5205271033 bytes

        49384576 packets output, 5024472630 bytes

        130590 packets dropped

      1 minute input rate 1208 pkts/sec,  1023727 bytes/sec

      1 minute output rate 11329 pkts/sec,  915489 bytes/sec

      1 minute drop rate, 33 pkts/sec

      5 minute input rate 1255 pkts/sec,  1077565 bytes/sec

      5 minute output rate 11387 pkts/sec,  912641 bytes/sec

      5 minute drop rate, 32 pkts/sec

Interface GigabitEthernet0/1 "inside", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff5, MTU 1500

        IP address x.x.x.9, subnet mask 255.255.255.248

        48938018 packets input, 5901411677 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        44274 input errors, 0 CRC, 0 frame, 44274 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        5911183 packets output, 5262643902 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/0)

  Traffic Statistics for "inside":

        48937873 packets input, 5007323456 bytes

        5911183 packets output, 5150641516 bytes

        14369 packets dropped

      1 minute input rate 11262 pkts/sec,  912922 bytes/sec

      1 minute output rate 1174 pkts/sec,  1015701 bytes/sec

      1 minute drop rate, 2 pkts/sec

      5 minute input rate 11302 pkts/sec,  910108 bytes/sec

      5 minute output rate 1219 pkts/sec,  1065426 bytes/sec

      5 minute drop rate, 3 pkts/sec

Interface GigabitEthernet0/2 "dmz", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        MAC address d0d0.fd3f.0ff6, MTU 1500

        IP address x.x.x.17, subnet mask 255.255.255.248

        8825 packets input, 697162 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        9261 packets output, 733192 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/230)

        output queue (blocks free curr/low): hardware (255/136)

  Traffic Statistics for "dmz":

        8825 packets input, 498376 bytes

        9261 packets output, 526216 bytes

        0 packets dropped

      1 minute input rate 1 pkts/sec,  83 bytes/sec

      1 minute output rate 2 pkts/sec,  89 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  98 bytes/sec

      5 minute output rate 2 pkts/sec,  104 bytes/sec

      5 minute drop rate, 0 pkts/sec

Interface GigabitEthernet0/3 "", is administratively down, line protocol is down

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address d0d0.fd3f.0ff7, MTU not set

        IP address unassigned

        0 packets input, 0 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 packets output, 0 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops, 0 tx hangs

        input queue (blocks free curr/low): hardware (255/255)

        output queue (blocks free curr/low): hardware (255/255)

Interface Management0/0 "folink", is up, line protocol is up

  Hardware is i82557, BW 100 Mbps, DLY 100 usec

        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

        Description: LAN/STATE Failover Interface

        MAC address d0d0.fd3f.0ff3, MTU 1500

        IP address x.x.x.1, subnet mask 255.255.255.0

        6772 packets input, 599628 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        230338 packets output, 273856080 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        input queue (curr/max packets): hardware (0/1) software (0/2)

        output queue (curr/max packets): hardware (0/21) software (0/1)

  Traffic Statistics for "folink":

        6772 packets input, 504820 bytes

        230338 packets output, 270631348 bytes

        0 packets dropped

      1 minute input rate 1 pkts/sec,  119 bytes/sec

      1 minute output rate 57 pkts/sec,  67208 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 1 pkts/sec,  118 bytes/sec

      5 minute output rate 56 pkts/sec,  66114 bytes/sec

      5 minute drop rate, 0 pkts/sec

thanks

Mark,

There is just too much netBios traffic getting to the ASA, are the Domain controllers on the other side of the network other than the inside? Can you enable the logs on the ASA?

Mike

Mike

Hi Mike,

I'm sorry I didn't get your question about the domain controller. The command is logging enable, right? Just want to make sure.

Thanks,

Mark

Logging on, but I think it is already enable. Now, regarding to the Domain controllers. Are they on the same subnet as the clients? Cuz I see a lot of 445 traffic, which is basically netbios over TCP (Most commonly known as file shares on any windows environment). Do you have any of these File shares on another interface different from where the clients are?

Mike

Mike

Hi Mike,

Our clients have different subnets, depends on location and department like x.x.220.0,x.x.221.0,x.x.222.0,x.x.223.0,224 & 225. And yes we do share files. our ftp and our servers reside on x.x.210.0  network. and ASA is on x.x.233.0 network. I'm not really sure if this is the one you are asking but I hope this could help.

The CPU usage remains 94% for more than an hour now.

Thanks,

Mark

Where you able to get the logs? 

Mike

Mike
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: