I have just noticed that my Cisco ASA 5510 cpu utilization increasing upto 30-35 % and when i issue sh processes cpu-usage, i have found dispatch unit occupied most of utilization.
View 4 Replies
I'm trying to do some research on the Dispatch Unit process. It seems High CPU and this process go hand in hand. I haven't figured out an effective way of determining what underlying issue is the actual source. How to understand what the Dispatch Unit process is doing? I have an ASA 5550. I have seen the cpu hover around 85% +- 5% for sustained long periods, 30 - 60 min +. I have always been under the impression that around 80% cpu and you're probably dropping packets (that could be an out-dated belief).
View 58 Replies View Relatedwe are running two failover pairs of asa (5510, 5505) in two different locations in active/standby configurations.Is it possible to access the inside ip of the standby unit via vpn terminated by the active unit? It's only for monitoring.With our configuration here it is not.Is that possible in general?
View 6 Replies View RelatedI have a single production 5510 with 2 contexts. Now I want to integrate the secondary failover unit. My question is: How much configuration needs to be done on the secondary firewall? How much of the configuration will be sync'd from the primary to the secondary when the secondary is connected?
For example, do I need to add the following on the secondary or will it be sync'd from the primary?
admin-context NAME
context NAME
allocate-interface Ethernet0/0.14
[Code].....
I have some technical consultations that I would like to know which would be a better implementation.
I am seeking for clarifications whether putting VPN and firewall in a single software or separating both into separate software.
I am having a very strange issue with connecting new machines to reach the internet.We have a ASA 5505 which the previous tech configured the DHCP pool to 192.168.1.60 - 192.168.1.110
We ended up reaching our limit which I changed it to: 192.168.1.60 - 192.168.187
Then next day when I arrived to work, our DC was hung from windows updates. Once we got everything back up, every computer currently on the network can reach the internet/VPN tunnels etc. So (continuing with my day) I created a new server in a VM (Hyper-V)I can ping everything internally (even the router) 192.168.1.1, but I cannot resolve DNS. I have configured a static IP, tried Dynamic IP.I have looked for any ACL indicating to block outside the range of the old DHCP pool but no luck.On my local maching I can ping the DNS addresses, but just not on the new server.
I've tried to upgrade a redundant setup from 8.2(4)4 to 8.2(5)22 ending with a stanby ASA continuously crashing after config sync phase. On the first crash it even corrupted the flash, leaving me no choice than initializing the box from scratch.
View 4 Replies View RelatedDid setup iaw instructions. got to step 9 where it went into configure mode. last few messages
192.168.1.5 to 192.168.1.1 (BUILT IN BOUND TO TO IDENTIFY), then
192.168.1.5 START SSL HANDSHAKE FOR TLSW1 SESSIN, THEN
192.168.1.5 COMPLETED HANDSHAKE, THEN
[Code].....
now i am unable to do anything with the 5505. can not log in , can not get a ping of 192.168.1.1, can not get into the unit and do a factory reset
What process I need to follow to rebuild my failover unit? I've had to turn it off because it seems that both the primary and secondary were thinking they should both be the active unit. I'm not sure why. But in turning off the failover, I had internet access again. So I think I want to rebuild the secondary unit's configuration. Do I need to turn off failover from the primary unit first? Disconnect the secondary unit, console into it and remove the configuration (command to remove from flash?)? Rebuild the interfaces..all interfaces or just STATE between the units? Just trying to get a list of the process
View 1 Replies View RelatedSo i setup a failover active / passive with 2 ASA5520's
Primary asa has 750 Anyconnect vpn licensing and the secondary asa has 2 Anyconnect licenses
I haven't setup the second asa with the new 750 licenses i purchased but when i do a show version it shows that the failover licensed features shows 750...
Does this mean i do not have to install the secondary anyconnect licenses on the standby ASA unit?
output of secondary asa
:
Licensed features for this platform:Maximum Physical Interfaces : Unlimited perpetualMaximum VLANs : 150 perpetualInside Hosts : Unlimited perpetualFailover : Active/Active
[Code]......
I am normally only doing IOS config. I have little problem when trying to setup this unit.,It boots ASA software 8.0.4 fine.,When i go to enable mode and into configuration mode and try to configure ip on an interface i have a problem.,
ciscoasa(config)# intciscoasa(config)# interface manciscoasa(config)# interface management 0/0ciscoasa(config-if)# ?,Interface configuration commands: default Set a command to its defaults description Interface specific description dhcp Configure parameters for DHCP client duplex Configure duplex operation exit Exit from,interface configuration mode Interactive help for interface subcommands no Negate a command or set its defaults shutdown ,Shutdown the selected interface speed Configure speed operationciscoasa(config-if)#
I did try to upload the new software 8.4.2 from rommon using TFTP. ,It boots 8.4.2 fine, but have same problem as in 8.0.4.,I did try to create a user haveing priv 15 and logging on as that user. It gives the same.,The firewall is not in transparent mode.
I have an issue bringing up my RMA'd primary ASA unit.
So what happened so far:
1. primary unit failed
2. secondary took over and is now secondary - active (as per sh fail)
2. requested RMA at Cisco
3. got ASA and checked that Lic (SSL), OS (8.2.2) and ASDM are at the same level as the secondary
4. issued wr erase and reloaded
5. copied the following commands to the new (RMA) primary unit:
failover lan unit primary
failover lan interface Failover Ethernet3
failover interface ip Failover 172.x.x.9 255.255.255.248 standby 172.x.x.10
int eth3
no shut
failover
wr mem
6. installed primary unit into rack
7. plugged-in all cables (network, failover, console and power)
8. fired up the primary unit
9. expected that the unit shows:
Detected an Active mate
Beginning configuration replication from mate.
End configuration replication from mate.
10. but nothing happened on primary unit
What is a valid and viable approach in replacing a failed primary unit? Is there a missing step that hinders me to successfully replicate the secondary - active config to the primary - standby unit.
I was not able to find anything related to ASA55xx primary unit replacement with a clear guideline or step by step instructions.
We received an ASA5520-K8 through Cisco's Loan program so we could demo it as a replacement for our aging Cisco 3005 VPN appliances. Given that we are a non Cisco shop (except for specific appliances like concentrators and wireless access points), I don't have a great deal of experience with Cisco gear.I started to set to setup the appliance this morning but immediately ran into issues. The 5520 doesnt seem to be acting as a DHCP server, and worse yet, I can't access the unit even if I hard code the IP on the PC being used for configuration. I have to say that I feel kinda stupid having to post this, since I actually followed the documentation avaiable for this menial task and I fully expect the problem to be a simple one. Namely, I am using two specific sources of info for connections.
View 20 Replies View Relatedi just received a RMA for failed ASA 5520 that was acting as secondary unit in multicontext configuration. What would be correct procedure to install it back in production? Do i need to restore backed up config of the fallen unit or is it just enough to enable multimode and connect to existing (primary) unit? Any good link for documentation that deal with this issues.
View 5 Replies View RelatedOn one side of IPsec tunnel is ASA 5505 and on other side of IPsec is C1841 sec K9. On ASA side I have optical link which is error free and on other side of IP sec I have wireless point-to-point link which sometimes have error on wireless part.
When error occurs on radio link, IPsec tunnel stop forwarding traffic. When I do show crypto isakmp sa on C1841 I see that IPsec is created, but traffic is not forwarding. Only clear crypto sa comand on C1841 works for me to rebuilt the tunnel.
Any similar issue with IPsec on error link between router and ASA and how to solve it?
I'm using a stack of four SGE2000P switches for a PoE video camera system. I've got the cameras in a VLAN and everything's working fine.
I'm wondering, though, is there a way to find out what data rate the stack interfaces are working at (since it's going over cable infrastructure we put in ourselves), and also what percentage of that bandwidth is being used? I don't see anyway to get to those interfaces from the main page, and I wasn't able to find a way to do any sort of percentage thing even on a regular interface.
I'm trying wrap my head around bandwidth guarantee for nested maps. I tried adding a new class to two of my policy-maps today, and got this error: 3945E-1(config-pmap-c)#bandwidth 3000 Insufficient bandwidth 3000 kbps for the bandwidth guarantee
I'm not sure how it knows that with the nested maps and how it's computed. I have a 100mb WAN connectin going to 19 branches. I have a class-map that identifies traffic to the individual branch and within that class, a policy-map is applied to prioritize voice over video etc.
Here's the QoS setup:
class-map Branch1-Policy
match access-group branch-1-acl
*
*
[code]....
I was adding the Video-Conf class to both Traffic-6calls and Traffic-10calls when I got the above error. How would that percentage be calculated? I know by default i can only reserve up to 75% of interface bandwidth. The platform is 3945E running 15.1(3)
I would like to know if there's a way to show Current-Utilization percentage within the messages generated by the Fault Management Module in LMS 4.0 [code] As you can see above CurrentUtilization percentage is not shown in Event Description section.
View 2 Replies View RelatedI have an IPAD, pc , laptop, mobile and my daughter comes over with her ipod and mobile.As I understand things my IP address range is not big enough and as a result my IPAD keeps dropping and saying not connected
View 14 Replies View Relatedwhat are the factors leading to bandwidth increase
View 2 Replies View RelatedWe have lms 3.2 that we are facing a problem with it. When we start the server the EDS-GCF log file size start to increasing rapidly until it consumes up all free space and it only stops when we stop the Daemon Manager service. I tried to do the pds how command but I get no output from it. I included the portion of the EDS and EDS-GCF log files. i searched and didn't find the cause of this error.
View 3 Replies View RelatedWhy my OC3 interface is showing increasing output drops its starts happening as soon traffic exceed 60Mbps ( FYI my traffic never exceeded 75Mbps MAX, and circuit is 150Mbps from carrier , full OC3)
Below are few stats as starter. IOS i am using is c7200p-is-mz.122-31.SB10.bin
sh int pos1/1
POS1/1 is up, line protocol is up
Hardware is Packet over Sonet
[Code].....
When i check the status of my Internet Connection I notice that the sent and received bytes keeps increasing. I'm sure there are no downloads taking place that I'm aware of. No torrent clients, no antivirus nothing. I checked my PC for malware but that didn't work. As a result of this, i keep getting high pings in online games and can't even watch videos in youtube anymore. like, some software to monitor all the programs that use the itnernet connection without my knowledge or something??My primary concern is gaming (Call of Duty 4) so I wouldn't mind this idle downloading (whatever it is) as long as the major chunk of my internet connection is directed towards Cod4!
View 5 Replies View RelatedThis has been happening of late. When i check the status of my Internet Connection I notice that the sent bytes will be more than 200 and received bytes will be low as 2 to 4
View 1 Replies View RelatedThis has been happening of late. When i check the status of my connection, i notice that the "sent" and "received" bytes keeps on increasing when i'm idle. I'm pretty much sure there's no downloading of any sort in progress that I'm aware of. As a result of this, I can't watch videos in Youtube or play online games due to high ping.
View 6 Replies View Related[code] just came out with a new package called Roadrunner Broadband Extreme ($10 extra). The claimed speeds are 30GB down and 5GB up. I have a friend in another area of town who is getting these speeds consistently, although i will admit he lives in a much more "technologically advanced" area where there are several big technology businesses like IBM. I just had the service installed last week, and have even had the cable techs to the house, but i am not even close to getting what i paid for.On average a normal day i would test at between 14-17GB down and maybe 2.2 up (using Time Warner's speed test, on tests from places like Speakeasy the speeds show much lower).So the question after the long winded description is this. Is there any program i can use that may be able to safely tweak my system and get closer to the speeds i should be getting? I know i may never reach 30 down and 5 up, but if i could at least be in the 20's down and maybe 3.5-4 up.
View 12 Replies View RelatedIm installing & configuring a new ACS 1121. Ive updated to version 5.3 with patch:This temporarily solves my Active Directory problem but i still would like to have the NTP server pointing to the same reference as the Active Directory.
View 1 Replies View RelatedI'm not sure about my title, it;'s the best I could come up with. I have approximately 7 computers, two iPhone, and iPad, wireless printers and a network attached storage. Most are connected over via wifi, the exceptions being one pc, the nas and a printer. I plan to add six more devices plus some ip cams. The way the router or network is configured whenever a guest connects to our wifi they can "see" our computers. I haven't been able to tell if they can see the files or just the name of the computer. Question 1: How can I tell if the guests are able to access the data on our computers or networked drive? Question 2: If I add a switch will I need to do anything special with regard to security?
View 1 Replies View RelatedMy LAN speed was 100 Mbps but now it is 10 Mbps and too slow when I am using internet. So how can i increase the speed to 100 Mbps from 10Mbps?
View 2 Replies View RelatedMy apartment complex offers free wifi but it is always unreliable, sometimes it is slow and I can't load pages. Often it says my signal is good or excellent and I still have problems. I'm pretty sure its not just my laptop because when I am home where we have our own network and my connection is great there. I have looked around on the internet for solutions and have not really found anything. All solutions say to do something to the router and I do not have access to it. I saw these things called usb wireless network adapters. Would they be able to increase my wifi connection?
View 1 Replies View RelatedWe frequently camp at campgrounds that offer free WiFi, but many campsites are on the fringe of receiving a signal. Is there anything I can add to my laptop to increase receiving range- ie usb adapter with antenna?
View 2 Replies View RelatedI am using my ADSL Internet Connection especially for downloading files those past few months.I have even purchased an account at filesonic.However,the speed remain the same except that there are no waiting period and I can download multiple files at the same time.What are the tips for increasing downloading time? I am now using the latest 5.0 Firefox and Windows 7 and using or not using the download them all add-ons does not add much to the download time.
What about the telephone line cable? The position of the beetel modem, does that play a role in speed limit? Are there some hardware equipment that can cause a subsequent increase in download speed?
ok i have setup a subnet on my uncles network on which i am running a domain with server 2008. i am using a dlink di 624 router and wanted to know if i upgraded to a 300mbps router would this increase the bandwidth within my network?i know i am limited to what i am receiving from my uncle who is also limited to what he is receiving from the ISP. im not worried about internet speed. i want to increase client to server speed for both lan and wireless.
View 1 Replies View Related
