ASA 5520 sluggish with IPS module and threat detection
We have a failover pair of ASA 5520s with IPS modules. During some recent peak activity periods (ecommerce spikes in traffic), the inspection load on the IPS goes up over 80%. The proc on the ASA gets smacked at 99+% and the Dispatch Unit process is doing the heavy hitting. We've disabled the default threat detection and threat-detection statistics on the ASA, but still see sluggishness. It doesn't appear to be related directly to the number of connections, as the sluggishness occurs whether there are 12k or 36k worth of connections. Is there any optimization that can be done? Frame size adjustments, etc.?