The infrastructure has PIX515E as the Firewall and few Web Servers and Database Servers inside. Is it possible to retreieve information regarding the bandwidth available at the outside interface of PIX (Internet link utilization ) utilized by each of the nodes seperately? I could use SNMP to get the overall data transfer at the Outside interface of PIX but isit possible to get utilization details of individual nodes ? Is Netflow an option ?
Were running an ASA5510 with multiple IPSEC VPN clients over a 100Mb leased line. At the moment we have about 10 active clients however we are looking at gearing up to about 100 clients.Question is, is there a known method for calculating the required bandwidth for this number of clients or indeed obtaining metrics from already connected clients with this calculation. We have tried a few monitoring products, most notably Solar winds, however none of the products we have tried seems to be able to give us the throughput of the individual VPN connections to assist with our calcs....
I've got an ASA5510 with an IPS/IDS module. Because of a merger, I've got two 10.10.10.x networks (West and Central). I'd like all West traffic to be IPS checked before going into Central. Once it goes into Central, it's out of my hands. Can I set up NAT to accomplish this?
Again, the traffic flow would be from West (10.10.10.1) through the ASA/IPS, and then to Central (10.10.10.1).
Is this possible? If not, do I need another router?
We recently got a Cisco ASA 5510 Security Appliance and I have some general question.
We have 1 T1 internet connection, and we have 2 internal networks. These 2 internal networks currently hav access to the internet. I am having issues with the 2 internal networks being able to communicate with each other.
They have an ASA-5510 with version 8.2(5). They just upgraded their Internet bandwidth to 30 Mb both ways.If we do a speed test in front of the ASA, we get 28 Mb/s upload and download, with a ping of about 5 to 10 ms.If we go behind the ASA, the download is about the same, the upload is decreased to about 12 Mb/s and the ping goes to 260 ms The license is base, there are no additionnal function added to the firewall (no IPS). I've check the speed and duplex and everything is fine.There are no drops on the interfaces or rules of the firewall, no drops on the Interface of the ISP router either. All interfaces are configured at 100Mb full duplex.I saw a couple of discussions on this in the forums, but they don't seem to come up with anything and they look like they end in the middle of the whole story, like once the problem is solved, they don't update their discussion.
Currently a network consists of two subnets, one subnet is behind a ASA and the other behind a PIX, both connecting to the ISP's routers. If the PIX is retired, is it possible to create/consolidate the two networks protected by the ASA5510 with the default gateway being the ISP?
How can two private networks be protected by the ASA5510? One conceptual way is to create the VLANS on a layer 3 switch, on the "inside" interface of the ASA. In this senario what would the "inside" network's IP address? If the above is possible, how would natting occur?
Is there an efficient configuration to protect two networks protected by the 5510, other than creating a DMZ?
Is it possible to create two private networks with same level of security, 100 on a three network interface connections?
I am working as net admin which is i need to monitoring and manage my workplace network( education center )I got a few question about network traffic flow. Here is the issued.I got high bandwidth utilization so high after office hours which is only on night. as we know, after office hours there is no person at the office but the traffic flow on bandwidth utilization is high.what are the possibilities of this issued?
I am running LMS 4.2 , using that i am monitering some switches . I am using topology services also. In that i am getting veiw of all connected devices with links. But bandwidth utilization is for those links are not showning in topology veiw .
Is there any settings to be done in LMS 4.2.2 or any configuration changes to done on my switches ? to find the traffic flow bandwidth utilization.
I use a CISCO ASA 5505 with ASA 8.3. Everything works fine, but when I type the following line I get an error message:
nat (inside,outside) source dynamic OBJ_SPECIFIC_192-168-1-0 10.1.5.5ERROR: 10.1.5.5 doesn't match an existing object or object-groupI even tried to create the missing object but it did not work. The document also explains how to use ASDM for this configuration. It seems that there an object 10.1.5.5. is created.
I matched the traffic statistics on one of my Cisco ASA site-site tunnels with the OID:22.214.171.124.126.96.36.199.188.8.131.52.184.108.40.20642 (cipSecTunHistInOctets). I was real proud of myself for a few days until I checked the history and found the OID wasnt working.After some troubleshooting I found that the last four digits (4142 in this case) change whenever the tunnel drops and re-establishes itself. Any way to collect tunnel utilization history on an ASA with SNMP? Is there a different OID I can use thats based on the endpoint IP?
The other day 3rd party supplier ran some stats on our Gigabit link between 2 Cisco catalyst 3750Gs.now the graphs produced showed only a Maximum output of about 100Mbps ( 5 minute intervals) yet when I do a show interface it shows a lot more always 150Mbps and more. So I did my own Perl script doing an "sh interface" every minute and then graphed it, and the results were a lot different to the MRTG results.Questions: I know MRTG uses SNMP to get the traffic is there a bug in the SNMP, what OID does it use?does the "sh interface" give the correct results?
I have a Cisco Aironet 1240AG Access Point and I am trying to setup a guest network that is secure and limited in bandwidth utilization. I see an option under security > SSID Manager on the web interface to select an interface of Radio0-802.11G, Radio1-802.11A or both. Can I put the guest network on the Radio1-802.11A and make it more secure/bandwidth limited or does this option not matter?
I'm configuring an asa device for web access: SSL VPN service. I can have a user authenticate for web session with their active directory domain credentials (username and password). Once their web session has started, moving to the "browse networks" feature for a share viewing requires them to authenticate once again - "authenitcation required". I'd like to configure the device so that authenticating to the windows file share will be attempted using the previously entered credentials.
We have configured 20 route in ASA 5520. The CPU usage goes to 100 % at the moment when we add a specific route.route inside 10.254.101.0 255. 255. 255.0 10.254.102.254 1.This is the same case when we add this route at the first cli or as the 10th cli or the 21 cli (errespective of the position of cli) There is an another route out of which 20 routes we have configured is route inside 10.254.103.0 255.255.255.0 10.254.102.254 1.The normal case if we dont add the problamatic route , then the CPU utilization is only 2 %.
We have a VPN concentartor which is having few VPN and doing NAT (Static and PAT) as well. One of our customer has added huge number of serves so we have to do hundreds of static and PAT rules.we have really large number of customers which are growing and do so the NAT in VPN concentartor.
I am bit concern and want to know what will be the best way to check that how my VPN concentartor is doing .As we all know its a GUI i try to check few stuff but couldnt get any info.... the model number is 3015.
I've deployed many Cisco PIX 501 v6.3.3 either as normal firewalling feature and/or with VPN features enabled. I noticed in all my deployments, regardless if it's during peak hours or after office hours, the memory utilization is always consistent 11MB utilized over the total of 16MB(memory default size).
I have Active Standby ASA5550 setup with VPN premium license. A few days back we had a requirement of SSL VPN connection for and we got a temporary from Cisco for same, this license expired and the ASA reverted to it's original license. 3 4 days after this we saw a sudden increase in CPU utilization (upto 90% + -5%) on the ASA during production hours but were not able to figure out the reason, in order to restore the services we failovered the firewall to secondary and everything worked fine. We were suspecting one of the following but there were no logs for any of this
1. The ASA hardware was haivng problem
2. Some client was doing a DoS attack to bring down the ASA (no logs for this as well).
We took a downtime to look further by failovering the ASA back to primary and it worked fine without any issues ruling out the 1st option. We also came across a licesing doc [URL]
Downgrading any license (for example, going from 10 contexts to 2 contexts).
# Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
As per this doc, sooner or later a restart was required on the ASA. We restarted secondary ASA and everthing was fine but when we restarted the primary ASA by swtiching over to secondary some of the server (not all) in the DMZ stopped working (even ICMP unreachable) and only came back to normal when the primary ASA was restored and working fine (with failover).
The reboot was done by shuting down the physical link between the Core switch and ASA inside individually.
I am not sure what could be the issue that the servers in the DMZ wen unreachable.
I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect)(8.03). It currently only serves about 450 SSLVPN clients. Since last friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high cpu utilization bugs, but none looked to be relevant. How I can find the root cause of the CPU high utilization?
we have ASA 5520 with IOS 8.0 , when i am trying to add more static routes on the inside interface the CPU utilization is going up. one faced the same issue. I am configuring through the cisco ASDM 6.1(3)f.
I am facing high CPU util on my pix 515 E which is in failover mode.During peak hours the util is see rising to 60% where as in off peak hours it is normally12%.
During normal operation the average utilisation was observed to be 30% but suddenly from 2/3 days it is constantly 60% doule the value as earlier. Have gone through the logs and traffic but not able to tarce anything particular
below is the o/p of some command taken for analysis
IOS version 8.0(4) sh cpu usage CPU utilization for 5 seconds = 51%; 1 minute: 61%; 5 minutes: 58% sh cpu usage
I want to run two syslogs, one to Loglogic for compliance and the other to Solarwinds for network administration. Currently the firewall is setup for just the one syslog device. If I add an additional device ie further IP in the config for the Loglogic box will there be any noticeable differences in the performance of the firewall, does affect the cpu utilisation, or memory in any way.
Would like to ask for everyones assistance with regards to the problems we are encountering on our PIX525 firewall. Our encountered problem is as follow."PIX 525 experience sudden high CPU utilization every time a Vulnerability System Scan (third part app) is conducted. Based on the previous experiences, the high CPU utilization where experience when a host on a particular VLAN (214) is being scanned. Whenever we removed the said VLAN (214) in the network the CPU utilization of PIX 525 comes back to normal and all connectivity were resumed."The problem just recently appeared, we are conducting vulnerability system scan before and it goes successfully.
We had two PIXes in our environment and working as a active-failover mode. Its noted in now a days the active PIX memory utilization is 98% and for standby PIX it is 96%. And also in some times we were experiencing packet loss to the ip of active PIX and which reflects in the inside servers access also. During that time the active pix was not accessible via ssh as well as ASDM. We have tried reloading the PIX and changing failover state of the PIX, but it results only a temporary solution. Current memory installed is 128 MB (maximum upgraded), so a upgrade is also not possible. Please see the show command outputs from the PIX. Current Software version is 7.2(4)
sh memory output (PIX 1 - active) Free memory: 4850944 bytes ( 4%) Used memory: 129366784 bytes (96%)
1) How we can pin point the root cause of this high memory utilization?
2) What might be the reason for the high memory utilization for the standby pix (96%), still the PIX is in idle state?
3) Is it a hardware issue or a memory leak issue, then how can we find out?
4) Is a software upgrade to new version resolves the memory issue?
We have a 6509 core with the below modules running for a long time and the utilization used to be always 10 to 13 percent checking with the supplier it was told to us that due to the firewall modue we have and its normal Now 2 days back i noticed the utilzation had jumped to 90 % and now it happened again
I see that on runnung proc cpu
16407 56.1% 56.5% 55.9% ios-base
16430 35.3% 35.2% 33.9% iprouting.iosproc
the modules present
Mod Ports Card Type Model Serial No.--- ----- -------------------------------------- ------------------ ----------- 1 6 Firewall Module WS-SVC-FWM-1 SAD140901XA 3 16 16 port 1000mb GBIC ethernet
I moved my computer and now its moving slow I scanned a document that took forever and when I went to save it (after I finally got it to bring up the folder I wanted to save it in) after 5 minutes it was still on page 2 of the save and I finally rebooted the computer.
I have two ASA5510's set up in failover, and the secondary keeps crashing after doing the interface checks when bringing failover up. This only happens if I try to upgrade the image on the secondary to anything newer than 8.4.1 (I've tried with 8.4.1-11 and 8.4.2). The primary one run just fine with new images.
I don't have the exact error right now, as I need to do a screen capture from console. It's just a huge crash dump.Are there anything I might have missed during the upgrade? Should I cold-boot both the firewalls in the correct order?
We have an active-active pair of cisco ASA5580-20 with software version 8.4(1)9. There are 8 contexts on it (including admin and system). 1 context is active on Primary node and other 7 are active on Secondary node. User traffic is going through this 1 context (2 interfaces - inside to users, outside to internet) and there are peaks to 1.16M concurrent connections, max bandwidth is 1.25Gbps. CPU usage for this context in peak hours is 63%, but we noticed that when we run "show cpu usage context all" from system it shows that system context is using 25% of CPU and "Total CPU utilization" (form output of show cpu detailed - on system context) is 88% which is bad. In non peak hours - user context use 33.6% CPU, system use 14.5%, total CPU usage is 50.5% So, is it normal this cpu utilization on system context (system on Primary node)?
We have several ASA5540s and 5510s (v8.4.1) being managed by CSM (4.1) Every so often several of the ASAs will send SNMP messages to CSM stating very high CPU utilization reached, usually between 150% and 400% - sometimes as high as 4million %.Obviously you can't get greater than 100%.