Cisco Firewall :: ASA 5505 8.2 (1) Is Rebooting After High Xlate Usage?
Feb 26, 2012
I have an ASA that just started to reboot throughout the day yesterday. It seems to happen every few hours but not in a pattern. Right before it reboots there is a flood of syslog ID 305006 messages ("portmap translation creation failed for tcp src inside:xxx dst outside:xxx"); the xlates go from around 2-3k to about 30+k, then it crashes. Memory usage is already pretty high normally on this device (about 75% used) and CPU is around 15-20%. I notice that the portmap translation errors are always from 3 inside hosts.
I have configured an ASA 5510 and a 2960S 48-port switch in a lab environment. I have two laptops connected to separate subinterfaces, with Server 2003 as the DHCP server for one network. Everything has been working fine as we have been testing the ASA while also testing the CSC SSM module. When we came in today we noticed the CSC module CPU is running at 100% constantly and HTTP traffic is extremely slow. I have not yet received my SmartNet contracts from the vendor or I would open a TAC case, and I have read on the net that this is a common problem.
I recently rebooted my ASA 5520. I was trying to remove webvpn listening from my outside NIC, even though it wasn't configured. [code] I was planning to do another reload without the fast reload option.
I'm having a problem with the memory and also with trying to create some rules on the Cisco ASA. The version I had installed was 8.2.5.33 on a Cisco 5520 with 512 RAM; the memory usage is at 99% used, 1% free, and because of that, when I try to create a new rule, the firewall gives me the next error.. So what I did was downgrade to version 8.2 (4) 4, and the memory went down a little (82% used, 18% free), but I still get the error when I'm creating an access rule on the device. One thing, and I'm not sure if this could affect the performance, is the number of access lists and object groups that are created.
I already opened a case with Cisco TAC and they are checking whether the problem is with the memory capacity or maybe a memory leak. Also, the doubt I have is: with the memory I now have available, should I be able to create access rules, or is 82 still too high to create a rule or an object group?
Today I upgraded my Cisco ASA 5505 ASDM from version 6.34 to 6.41 because of some problems on the old version with NetFlow. But now when I switch to the dashboard I cannot see the "Top Usage" tab. That was quite useful for me. It simply disappeared.
Can I somehow configure which tabs are displayed on the dashboard? I really need that one and I do not want to downgrade :/
My understanding is that for inside to outside we need global and NAT, and for outside to inside we need static and ACL? Traffic goes from high to low. I just started working with the 5505 recently.
One of my remote sites acquires Internet connectivity via a cable modem service. This goes down intermittently, of course. I would like to purchase DSL service from the local telco and configure the edge ASA (currently a 5505) to use the cable modem path normally ... and fall back to the DSL path if necessary.
This seems hard to do. The edge box would need to evaluate the viability of a WAN path using some set of tests ... perhaps pings to a handful of major Internet sites. If all those pings start failing, it would stall for a minute, to give the WAN service provider time to recover ... then cut over to the second path. Cutting to the second path might mean pushing new DNS server addresses to clients (or perhaps the edge box would hand out both sets of DNS servers all the time and rely on the clients to try them all.) Once the cable modem provider restored service, the edge box would stall for a while (ten minutes? an hour?) and then cut back.
I'm willing to replace the edge box with something fancier (a bigger ASA or something sold as a router or whatever), although I'd like to stay under 10K (list) for such a replacement.
When a physical switchport/routed port has high usage, you can move the link to a higher capacity port, upgrade the port, bond links, etc. What exactly do you do when an SVI has high usage? I guess you could remove some servers from the VLAN, but that doesn't seem like a reasonable solution. What dictates the capacity of an SVI? The backplane of the switch?
I have a 1841 router plugged into a 100M Comcast Ethernet connection. My router's CPU is really high and users' download speed isn't as high as before. Can a 1841 handle a 100M circuit with 100 users on it? What would cause the router's CPU to be high? I don't think there are any viruses or malware on the LAN.
#sh proc cpu his
r2.leaguecity-toy-startoy 06:06:26 PM Wednesday May 30 2012 PST
111 1 1 1 111 24 1 1 1 1
400369232222544222330359645223283294332688334452308404382236
I have a lot of Cisco 7206 VXR devices. I have a high CPU problem. I have a 7206 VXR G2. I used to use eBGP for three upstream carriers. I used to bgp full route table method. I have about 800 Mbps of active traffic and behind the router about 1600 active customers.
How can I troubleshoot this high CPU problem?
#sh int gigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is MV64460 Internal MAC, address is 000c.cf1d.d01b (bia 000c.cf1d.d01b)
Description: ***** GW Interface *****
[Code]....
I have a Cisco 1921 router and it uses 99% of CPU, and I can't seem to spot which process is taking up the CPU. I have an interface with several sub-interfaces and I am moving data between two of those subnets. I tried the "ip route-cache same-interface" command on gigabit ethernet 0/1 with all the sub-interfaces, like gigabitethernet 0/1.18 and so on. That did not work.
Received this notice from ISP. Does this make sense: We have noticed we are getting a huge number of queries from X.X.X.X and it is showing to be about 98% of the DNS traffic hitting our name servers. It appears that the data consists of reverse lookups to 10.1.0.0 network. It needs to be remediated as soon as possible because it could cause a service interruption. It almost seems as if my router is acting as a DNS server. The ISP data consists of reverse lookups to 10.1.0.0 network, which would be the internal.
I've got a problem with a core 6509E and the multicast. A client has a system with cams for the physical security and they are connected to a VLAN with this config:
interface VlanX
 ip address 172.20.167.1 255.255.255.128
 ip helper-address 172.20.32.7
 ip pim version 1
 ip pim sparse-mode
end
The thing is that we know that one server that shows the cams at the security office is flooding the network and the CPU CORE is over 95% always:
CPU utilization for five seconds: 99%/39%; one minute: 99%; five minutes: 99%
263 644650276 567873287 1135 51.99% 55.06% 55.35% 0 IP Input
[Code] ....
I keep getting messages from AVG saying they have detected a very high internet usage. First it was with Google and then with Firefox.. they recommended to shut down and restart.. anyone could explain what's going on? I'm not downloading anything.. just checking my mail!
Recently got a mobile broadband dongle for my laptop. It shows 7.2 Mbps speed in the status window and under activity the received bytes is shooting up; as I write this it has gone from 25,000,000 to 35,000,000, that's about 10 mg for a few seconds. It does this even when I have no page open. I can't see anything in Task Manager. I don't know why it's downloading so fast when there's nothing there; also because of this it is slowing my browsing down,
We have dynamic NAT configured from inside to outside interface, but still it is showing NAT entry as below.
"NAT from inside:177.26.99.10 to outside:177.26.99.10 flags Ii"
Expected NAT entry should be as below:
"NAT from inside:177.26.99.10 to outside:111.111.111.111 flags Ii"
We were considering implementing "ip verify revert-path". Hence I am thinking about whether xlate-bypass is the issue here and whether implementing the same with "ip verify revert-path" would be a good idea.
I have an issue with 7600 router where CPU goes up to 60-70% and memory is also high. Both due to BGP Router process. URL We are seeing this issue since ISP has upgraded their router 20 days ago. Router has also seen the following error. I have not reset the BGP session with ISP yet. Is there any way I can suppress BGP updates coming from ISP and see if CPU and memory USAGE reduces. IOS version 12.2(33)SRD and RSP720 with PFC 3cXL
My 4500 core is always at 60% CPU utilization, and when I run #sh proc cpu sorted I find that 55 29725041543795572214 0 39.43% 41.40% 41.39% 0 Cat4k Mgmt LoPri
Which means that this process is the top one, and when I run #sh platform health I found that Stub-JobEventSchedul 10.00 15.98 10 64 100 500 20 17 12 29269:55 K2 CpuMan Review 30.00 35.60 30 48 100 500 49 46 32 52390:52
Those two processes are the top ones and they already exceed their maximum range, and when I run #sh platform cpu packet statistics I can find that Packets Received by Packet Queue
I have an issue with 7600 router where CPU goes up to 60-70% and memory is also high. Both due to BGP Router process. [URL] According to our baseline it should not be more than 40% at any given time. We see high CPU up to 70% consistently.
CPU utilization for five seconds: 99%/0%; one minute: 57%; five minutes: 55%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
442 66173704 90234125 733 96.86% 46.09% 46.30% 0 BGP Router
7 509291060 26330202 19342 1.17% 3.90% 2.99% 0 Check heaps
Router has 1 eBGP session with ISP, from where it downloads the whole IPv4 internet routing table, and two iBGP sessions with the other two routers. When I look at the BGP summary table I see many updates received from ISP and sent out to iBGP neighbors. Also did debug BGP updates to confirm it.
We are seeing this issue since ISP has upgraded their router 20 days ago. Router has also seen the following error.
%BGP-6-BIGCHUNK: Big chunk pool request 628 for community. Replenishing with malloc
I have not reset the BGP session with ISP yet. Is there any way I can suppress BGP updates coming from ISP and see if CPU and memory USAGE reduces. IOS version 12.2(33)SRD and RSP720 with PFC 3cXL
My CAT 4510 switch is showing 99.9% CPU usage almost throughout the day. After some analysis I saw that the “Cat4k Mgmt LoPri” process is having 86% CPU utilization. This process is a package that includes multiple processes.
Within this package, two processes have been identified which are causing this shock, which are “K5L3Unicast Adj Tabl” and “K5 L2 Hardware Addre”.
This indicates that some heavy activity is going on in the CEF adjacency table and RP MAC Address Table. My current IOS version is 12.2(53)SG
I have a Cisco 7600 router, here is show run:
Gateway7600#sh run
Building configuration...
Current configuration : 4787 bytes
!
! Last configuration change at 09:08:04 UTC Sat Apr 20 2013 by xxxx
!
version 15.2
service timestamps debug datetime msec
[Code]....
We have two ASA 5520s; the failover unit is showing LU allocate xlate failed. We read on [URL] that it could be a memory problem, but we have checked it and we have 85% of memory free on both nodes. We can also see all xlates on the failover unit.
We forced failover this evening and we can't establish outbound connections by the outside interface; we think xlates or NAT can't work properly.
I got an ASA 5510. After problems with IPsec connections the log said:
LU allocate xlate failed. This error repeats every minute. At the Cisco site I found the following:
Explanation: Stateful failover failed to allocate a translation (xlate) slot record. Recommended Action: Check the available memory by using the show memory command to make sure that the security appliance has free memory in the system. If no memory is available, add more memory.
I'm having an issue with one stubborn process that is consuming nearly all the CPU on all of my switches. I tried googling it, but had no luck. The process is "hulc nrgyz PD di"
We recently configured a stack of four 48-port 3750-X switches. We are noticing high CPU usage. "Hulc LED process" seems pretty high. This has coincided with VMware servers getting slow and non-responsive at times, perhaps a coincidence, not sure. Below I provided some outputs about how to diagnose it.
I have 2 Cisco 3750X stacked, working as CORE switches but not in production yet, showing a high CPU utilization, and I would like to see with you whether you think this is normal or an IOS upgrade/downgrade should be performed.
I have very low traffic coming through as this is not yet in production: