Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2024
Views
10
Helpful
2
Replies

asa cpu high load

Go to solution
Vyacheslav_Maliev
Level 1
Level 1

‎04-21-2011 05:29 AM - edited ‎03-11-2019 01:24 PM

Hi!

Yesterday we had some troubles with ASA 5505 when there was a ddos attack of the web server behind. Tons of TCP request on port 80 were flooded from different networks and the asa firewall got freeze because of 100% cpu load. We tried to prevent this flooding by ACL, but ASA was still freezeng and neither vpn and internet access worked. Is there any solution to mtitgate this volnurability?

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-21-2011 05:36 AM

Hi Maliev,

You can limit the number of TCP embryonic connections that can be formed to the server. This way they won't be able to open so many connection that the ASA gets over-burdened.

Kindly refer to this document: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#sol

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.

View solution in original post

2 Replies 2

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee

‎04-21-2011 05:36 AM

Hi Maliev,

You can limit the number of TCP embryonic connections that can be formed to the server. This way they won't be able to open so many connection that the ASA gets over-burdened.

Kindly refer to this document: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#sol

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card