It sounds like your ASA is doing too much. I think the addition of an internal Layer 3 switch to handle the inter-VLAN routing would help things by a large margin. It may be the best solution to your current issues. Let the Layer 3 switch act as a core switch/routing device, connect it to the internal network to your existing switches and connect the other end to the ASA, reducing the workload on the ASA.
To check if you're sending too much traffic for the ASA to handle - overruns will indicate the ASA's hardware buffers running low and dropping frames.
If values are non-0 and increasing, you're most likely sending too much traffic for the ASA to handle.
Will tell you which inspection engines are working. They are fastest contributors to CPU utilization (apart from dispatch_unit, which is the process used to poll interfaces; very often dispatch_unit will cause high CPU, indicating oversubscription).
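The "non-0 and increasing" check from the reply above, as an added example that is not part of the original thread: it compares the overrun, no-buffer and underrun counters between two snapshots. It assumes the counters come from text in the style of ASA `show interface` output; the sample text, interface names and numbers are constructed, and `parse_counters` and `rising` are hypothetical helper names.

```python
import re

# Constructed samples in the style of ASA "show interface" output, taken a
# few minutes apart. Interface names and all numbers are made up.
T0 = """\
Interface GigabitEthernet0/0 "outside", is up, line protocol is up
    1200345 packets input, 903422111 bytes, 40 no buffer
    0 input errors, 0 CRC, 0 frame, 152 overrun, 0 ignored, 0 abort
    998211 packets output, 401223987 bytes, 0 underruns
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
    884120 packets input, 390112004 bytes, 0 no buffer
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    1100450 packets output, 880340112 bytes, 0 underruns
"""
# Second snapshot: only the "outside" buffer counters have moved.
T1 = T0.replace("40 no buffer", "415 no buffer").replace("152 overrun", "2310 overrun")

IFACE = re.compile(r"^Interface (\S+)")
COUNTER = re.compile(r"(\d+) (no buffer|overrun|underruns)\b")

def parse_counters(text):
    """Return {interface: {counter_name: value}} for the buffer counters."""
    result, current = {}, None
    for line in text.splitlines():
        header = IFACE.match(line)
        if header:
            current = result.setdefault(header.group(1), {})
        elif current is not None:
            for value, name in COUNTER.findall(line):
                current[name] = int(value)
    return result

def rising(before, after):
    """List (interface, counter, delta) for counters that grew between snapshots.

    A counter that went down (counters cleared, reload) is skipped rather
    than reported, because the delta is meaningless in that case.
    """
    findings = []
    for iface, counters in after.items():
        for name, value in counters.items():
            old = before.get(iface, {}).get(name)
            if old is not None and value > old:
                findings.append((iface, name, value - old))
    return sorted(findings)

if __name__ == "__main__":
    for iface, name, delta in rising(parse_counters(T0), parse_counters(T1)):
        print(f"{iface}: {name} grew by {delta}")
```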
But if the ASA is doing firewall, routing, NAT and "server" to the VLANs, and the core network is growing every day, it cannot be my internal infrastructure, OK?
A detail... The uplink of all my infrastructure is fiber; it is not like leaving a slow LAN, much as VoIP traffic, which is my case.
Another point is that we have problems logging Syslog traffic from 1,600 with this machine grows about 5 gigabytes or more. However, this may be the traffic that passes by and misconfiguration. Am I wrong?
And... is there any sniffer to help me? Is there anything I can do to prove that the ASA is "full"? Remember that I do not have access to the firewall!