Cisco Support Community
New Member

High traffic from my ASA internal interface

Good morning:

I have a Cisco ASA 5520 and I am seeing high traffic per hour from my internal interface; for example, it can be 700 or 800 MB. This behavior has been happening for 3 weeks.

Can someone help me find out what is happening?

Thanks in advance.

1 ACCEPTED SOLUTION

Cisco Employee

Re: High traffic from my ASA internal interface

Hello,

Please make sure that the below commands are in your configuration:

threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

If these are present, then when you go to the firewall dashboard on the ASDM, it will show you top 10 services, top 10 sources, and top 10 destinations. One limitation is that while you can get these statistics in general, you might have to use different techniques (like sniffing the traffic using Wireshark) to actually look at the type of traffic for top talkers.

Hope this helps.

Regards,

NT
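
An added example, not part of the original thread and not Cisco tooling: once a capture taken on the inside interface has been exported to text, this Python script totals bytes per flow so the source, destination and protocol behind a top talker can be read off. The tshark export command in the comment, the column order and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample, in the column order produced by this (assumed) export:
#   tshark -r inside.pcap -T fields -E separator=, \
#     -e ip.src -e ip.dst -e ip.proto -e tcp.dstport -e udp.dstport -e frame.len
SAMPLE = """\
192.168.1.50,203.0.113.10,6,443,,1500
192.168.1.50,203.0.113.10,6,443,,1500
192.168.1.77,198.51.100.5,17,,53,90
203.0.113.10,192.168.1.50,6,51512,,60
192.168.1.50,203.0.113.10,6,443,,1400
192.168.1.77,198.51.100.7,6,80,,700
malformed line without enough fields
192.168.1.77,198.51.100.5,17,,53,
"""

PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}


def top_flows(text, n=10):
    """Return (top-n list of ((src, dst, proto, dport), bytes), skipped rows)."""
    totals = Counter()
    skipped = 0
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6 or not row[5].isdigit():
            skipped += 1  # truncated or non-IP rows: count them, do not guess
            continue
        src, dst, proto, tcp_port, udp_port, length = row
        dport = tcp_port or udp_port or "-"
        key = (src, dst, PROTO_NAMES.get(proto, proto), dport)
        totals[key] += int(length)
    return totals.most_common(n), skipped


def bytes_by_source(text):
    """Total bytes per source address, to match against the ASDM top-talker list."""
    flows, _ = top_flows(text, n=None)
    per_src = Counter()
    for (src, _dst, _proto, _dport), size in flows:
        per_src[src] += size
    return per_src


if __name__ == "__main__":
    flows, skipped = top_flows(SAMPLE, n=3)
    for (src, dst, proto, dport), size in flows:
        print(f"{src} -> {dst} {proto}/{dport}: {size} bytes (skipped rows: {skipped})")
```

Rows that do not parse are counted rather than dropped silently, so a large skipped count signals that the export format differs from the one assumed here.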

4 REPLIES
Cisco Employee

Re: High traffic from my ASA internal interface

Hello,

If you have ASDM installed and go to the ASDM dashboard, there is a section that lists all the top talkers. It will also list the percentage of traffic per protocol (top 10). You can use that to see which of your internal hosts are generating so much traffic.

Hope this helps.

Regards,

NT

New Member

Re: High traffic from my ASA internal interface

Thank you, Nagaraja Thanthry

Yes, I discovered the strange behavior in this section of ASDM (Top talkers by Bytes last hour), but I can't (or can I?) see the traffic (protocol) and the other peer in these graphs.

Is there some way to see the traffic corresponding to this high consumption?

Thanks in advance.

New Member

Re: High traffic from my ASA internal interface

Thank you, Nagaraja Thanthry

I told you about these graphs in ASDM; they are available in the ASDM, but I can't determine the source, destination and protocol of the traffic mentioned with the information in them.

I am going to use the sniffer to see the traffic.

Thank you for your help.

Hector.
