ASA 5505 Dispatch CPU 100% DNS Inspect

Hello Forum,

We have a 5505 that is getting nailed with DNS traffic and pegging the proc since an upgrade to 8.2.5 (see below). It looks like legitimate traffic for the most part, but it is truly tough to tell.

Global policy:

  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: dns preset_dns_map, packet 132510954, drop 14650969, reset-drop 0
      Inspect: ftp, packet 1308, drop 0, reset-drop 0
      Inspect: h323 h225 _default_h323_map, packet 0, drop 0, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: h323 ras _default_h323_map, packet 0, drop 0, reset-drop 0
      Inspect: netbios, packet 32838, drop 0, reset-drop 0
      Inspect: rsh, packet 0, drop 0, reset-drop 0
      Inspect: rtsp, packet 0, drop 0, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: skinny , packet 0, drop 0, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: esmtp _default_esmtp_map, packet 27460, drop 0, reset-drop 0
      Inspect: sqlnet, packet 0, drop 0, reset-drop 0
      Inspect: sunrpc, packet 0, drop 0, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: tftp, packet 0, drop 0, reset-drop 0
      Inspect: sip , packet 359728, drop 15, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: xdmcp, packet 0, drop 0, reset-drop 0
      Inspect: ip-options _default_ip_options_map, packet 0, drop 0, reset-drop 0

show processes cpu-usage sorted non-zero

PC         Thread       5Sec     1Min     5Min   Process
081a86c4   c69ab3c8    97.9%    98.0%    96.3%   Dispatch Unit
08c15df6   c69a5548     1.1%     1.0%     1.1%   Logger
08bde96c   c698e520     0.2%     0.2%     1.6%   ssh
0812904c   c69a1a38     0.1%     0.1%     0.1%   CTM message handler
093315a4   c69a0490     0.1%     0.1%     0.1%   esw_stats

Can anyone point me in a direction to prevent this? This never occurred prior to an upgrade from 7.2 to 8.2.
