I am using a an ASA5520 with a few hundred users connected to the Internet with a 20MB ethernet circuit. Our bandwidth usage (from the home screen of the ASA) usually is at 3-5MB or so. Lately the home screen shows the input bandwidth to our public interface as pegged 24x7 at 20MB which is the max allowed by our ISP. I am trying to use the ASA tools to find the IP responsible but haven't had much luck. Packet tracing and logging tools require specific IPs and ports which doesn't help me because if I knew which IP and port I was looking for then I wouldn't have to use the tool! Seems like most of the screens and graphs are geared to showing overall statics for specific interfaces but they can't drill down to specific IPs. Any ideas on how I can find this rouge IP(s)?
As soon as I finished upgrading the ASA and ASDM the problem went away, at least for now. I will continue checking but now there is no need to use the top usage stats. Weird. Nevertheless the new ASA/ASDM is a nice upgrade. Thank you!!
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...