Cisco Support Community
Community Member

ICMP through the PIX


I am doing pre-deployment testing for 7.2 on a PIX535. I started pumping engineered ICMP traffic from IXIA at 75MB and 64 frame size just for traffic flow validation (allowed via ACL). For some reason, the CPU spiked to 99%. I was under the impression that every echo-request/echo-reply from the IXIA is considered as one session, thus really busying up the PIX CPU. When I checked the PIX, there were only 2 connections.

Does anybody have any idea?




Re: ICMP through the PIX

It could be anything, internally or externally. Look at the firewall logs and see if you have multiple denies with high TCP ports for inbound traffic.

Did you do "show conn" and verify that you in fact have just 2 connections? If just two connections, can you track these internal connections?

Community Member

Re: ICMP through the PIX

"show conn" does show 2 connections, and they are coming from the IXIA to a remote destination. I was thinking that it probably is the limitation of the PIX. I am pumping 148,800 frames per second of ICMPs, and every one of those frames will go through the PIX CPU. Does anybody know what the pps limitation of the PIX535 is? I have a VAC+ installed on the PIX.


Re: ICMP through the PIX

Can you post a short excerpt from the PIX logs on the ICMPs? Sounds like DoS. Do the logs show the ICMPs allowed or ICMP unreachable?

Can you identify the connections coming from the IXIA? It could be a host on that end sending spam.
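The log check suggested above, as an added example that is not part of this thread: a small Python script that parses PIX syslog lines for ICMP events and reports, per source, the peak number of events logged in any one second and the distinct source/destination pairs behind them, which is what tells a flood apart from a couple of busy sessions. The line layouts follow the documented 302020 (ICMP connection built) and 106023 (ICMP denied by access-group) messages with a "logging timestamp" prefix; the sample log lines and the rate threshold are constructed for illustration.

```python
import re
from collections import Counter

# Patterns modelled on two documented PIX/ASA syslog messages: 302020 (ICMP
# connection built, i.e. allowed) and 106023 (ICMP denied by an access-group).
# Assumes a "Mon DD YYYY HH:MM:SS" prefix from "logging timestamp"; adjust TS_RE
# if the PIX is configured differently.
TS_RE = r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2})"
BUILT_RE = re.compile(
    TS_RE + r".*%PIX-\d-302020: Built (?P<dir>inbound|outbound) ICMP connection for "
    r"faddr (?P<faddr>[\d.]+)/\d+ gaddr [\d.]+/\d+ laddr (?P<laddr>[\d.]+)/\d+")
DENY_RE = re.compile(
    TS_RE + r".*%PIX-\d-106023: Deny icmp src \w+:(?P<src>[\d.]+) dst \w+:(?P<dst>[\d.]+)")

def parse_icmp_event(line):
    """Return (second, verdict, src, dst) for an ICMP log line, else None."""
    m = BUILT_RE.search(line)
    if m:  # faddr is the far end, so for outbound traffic the source is laddr
        src, dst = (m["laddr"], m["faddr"]) if m["dir"] == "outbound" else (m["faddr"], m["laddr"])
        return m["ts"], "allowed", src, dst
    m = DENY_RE.search(line)
    if m:
        return m["ts"], "denied", m["src"], m["dst"]
    return None

def analyse_icmp(lines, threshold_pps=1000):
    """Per-source ICMP event rates; flag sources whose peak exceeds threshold_pps."""
    per_sec = Counter()   # (src, verdict, second) -> events logged in that second
    pairs = set()         # distinct (src, dst) pairs among allowed events
    for line in lines:
        ev = parse_icmp_event(line)
        if ev is None:
            continue
        ts, verdict, src, dst = ev
        per_sec[(src, verdict, ts)] += 1
        if verdict == "allowed":
            pairs.add((src, dst))
    peak = {}             # src -> highest events/second of either verdict
    for (src, _verdict, _ts), n in per_sec.items():
        peak[src] = max(peak.get(src, 0), n)
    flagged = sorted(src for src, n in peak.items() if n > threshold_pps)
    return {"allowed_pairs": len(pairs), "peak_per_second": peak, "flagged": flagged}

# Constructed sample lines (not a real capture): three allowed echoes from
# 10.0.0.5 within one second, then one denied echo from 198.51.100.7.
SAMPLE_LOG = [
    "Jan 10 2007 12:00:00 pix : %PIX-6-302020: Built outbound ICMP connection for faddr 192.0.2.10/0 gaddr 203.0.113.5/1 laddr 10.0.0.5/1",
    "Jan 10 2007 12:00:00 pix : %PIX-6-302020: Built outbound ICMP connection for faddr 192.0.2.10/1 gaddr 203.0.113.5/1 laddr 10.0.0.5/1",
    "Jan 10 2007 12:00:00 pix : %PIX-6-302020: Built outbound ICMP connection for faddr 192.0.2.11/0 gaddr 203.0.113.5/1 laddr 10.0.0.5/1",
    "Jan 10 2007 12:00:01 pix : %PIX-4-106023: Deny icmp src outside:198.51.100.7 dst inside:10.0.0.5 (type 8, code 0) by access-group \"outside_in\" [0x0, 0x0]",
]

if __name__ == "__main__":
    print(analyse_icmp(SAMPLE_LOG, threshold_pps=2))
```

On a real export, feed the file's lines to analyse_icmp and set the threshold to what the link and the box are expected to carry; a source whose peak is far above it while "show conn" stays flat points at packet rate rather than session count as the load.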
