Re: CPU % on ASA higher than normal, how can I debug?
Follow these steps in order to troubleshoot:
1. Verify that the connection count in show xlate count is low.
2. Verify that the memory block is normal.
3. Issue the show memory detail command, and verify that the memory used by the PIX is normal utilization.
4. Verify that the counts in show processes cpu-hog and show processes memory are normal.
5. Any host present inside or outside the security appliance can generate malicious or mass traffic, which can be broadcast/multicast traffic, and cause high CPU utilization. In order to resolve this issue, configure an access list to deny the traffic between the hosts (end to end) and check the usage.
6. Check the duplex and speed settings on the PIX interfaces. A mismatched setting with the remote interfaces can increase the CPU utilization.
Note: Cisco recommends that you enable the ip verify reverse-path interface command on all the interfaces as it will drop packets that do not have a valid source address, which results in less CPU usage.
7. Another reason for high CPU usage can be too many multicast routes. Issue the show mroute command in order to check if the PIX/ASA receives too many multicast routes.
8. Use the show local-host command in order to see if the network experiences a denial-of-service attack, which can indicate a virus attack in the network.
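As an added example that is not part of the original post: a Python sketch for step 8 that parses saved show local-host output and lists hosts whose flow or embryonic (half-open) connection counts stand out. The output layout, the sample text, the function names and the thresholds are assumptions made for illustration; adjust the patterns to what your software version prints.

```python
import re

# Constructed sample, assumed to follow the layout of ASA "show local-host" output.
SAMPLE = """\
Interface inside: 2 active, 5 maximum active, 0 denied
local host: <10.1.1.15>,
    TCP flow count/limit = 3/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 1/unlimited
local host: <10.1.1.77>,
    TCP flow count/limit = 4210/unlimited
    TCP embryonic count to host = 3890
    TCP intercept watermark = unlimited
    UDP flow count/limit = 12/unlimited
"""

HOST = re.compile(r"local host: <([^>]+)>")
# Captures the counter name and the current count (the number before "/limit").
COUNT = re.compile(r"(TCP flow|UDP flow|TCP embryonic) count[^=]*= (\d+)")

def parse_local_hosts(text):
    """Return {ip: {counter_name: current_count}} for each 'local host' stanza."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST.search(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = COUNT.search(line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2))
    return hosts

def suspicious(hosts, max_flows=1000, max_embryonic=100):
    """Flag hosts above the (illustrative) thresholds, busiest first."""
    flagged = []
    for ip, c in hosts.items():
        flows = c.get("TCP flow", 0) + c.get("UDP flow", 0)
        embryonic = c.get("TCP embryonic", 0)
        if flows > max_flows or embryonic > max_embryonic:
            flagged.append((ip, flows, embryonic))
    return sorted(flagged, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for ip, flows, emb in suspicious(parse_local_hosts(SAMPLE)):
        print(f"{ip}: {flows} flows, {emb} embryonic")
```

A host with thousands of embryonic connections is a candidate for the end-to-end access list described in step 5.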