Cisco Firewall :: CPU Utilization When Running Two Syslogs ASA5550
Mar 3, 2011
I want to run two syslogs, one to Loglogic for compliance and the other to Solarwinds for network administration. Currently the firewall is setup for just the one syslog device. If I add an additional device ie further IP in the config for the Loglogic box will there be any noticeable differences in the performance of the firewall, does affect the cpu utilisation, or memory in any way.
View 1 Replies
ADVERTISEMENT
Aug 9, 2010
In my Cisco ASA 5550, I need to set two different syslogs servers, and I need to send the system logs to the first one (only admins login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if is it possible or not and, if yes, how to configure it?
View 6 Replies
View Related
May 30, 2012
I've inherited an ASA5550 which is missing its SSM-4GE-INC - it was taken out to upgrade a 5540, which is now in production elsewhere in the enterprise. Trouble is, now the 5550 will not boot, it gets stuck after a panic message, and reboots:
Panic: Init Thread - Module SSM-4GE-INC is not present. Rebooting...
I'm taking this as the unit cannot function without this module installed?
View 5 Replies
View Related
Sep 20, 2011
I are currently implementing a new patching schedule (when I say new i mean a company first!!!) and I have identified that the firewalls are all running 8.2(2). I would like to bring these up to the latest version but am a little worried about impact!!! I have setup a test firewall with the config from our live asa's and run the upgrade but have received multiple lines.
View 9 Replies
View Related
Feb 16, 2012
I have upgraded ASA5550 version from 7.2(4) to 8.4(2).
On version 7, I am used to "names" command, like this:
names
name 107.25.1.10 Picard
name 107.25.2.20 Administrativa
By addition, when configuring acls it was very usefull, for example:
access-list inside_access_out line 15 extended permit udp host Picard host 107.25.4.61 eq snmp
On version 8, I have verified that names replacement is no more available:
ASA(config)# access-list outside_access_in permit ip host ?
configure mode commands/options:
A.B.C.D Source host IP address
View 5 Replies
View Related
Feb 11, 2013
we have 2 catalyst 4507 Switches (Catalyst 4507-R running 15.1.2.release) configured in VRRP and vlans are distributed across both the switches.For few vlans core1 is master and for remaining vlans core2 is master.Both cores showing different CPU utilization.when we did our troubleshooting,we realized that the server vlan on core1 (Core1 is master for this vlan) is creating high utilization.when we switched this server vlan to core2 the core1 utilization came down and core2 utilization increased.we identified that server vlan is culprit in this issue. i would like to know weather any method is available in core switch wherein i can check which server in this vlan is contributing for this utilization.(To identify the server which contribute this utilization,we can actually shut 1 server each at time to see weather utilization is going down.with this kind of testing ideally we should be able to identify the server but this will disturb the server environment which we don't want in live environment)
View 8 Replies
View Related
Nov 11, 2012
I am trying to set up an ASA5550 so that I can access the servers behind it. Simple.
As of now, I am unable to even create an access-list to allow traffic from my remote IP into the firewall. As far as my level of experience with Cisco firewalls, it's basically zero but I have taken the Cisco CCNAX class and feel that I have a good understanding of the fundamentals. That said, we only dealt with routers and switches, and it's not impossible that I'm missing something that would be totally obvious to most folks on this board. I've used CLI and ASDM with no success.
Here are the relevant parts of the config:
[code]...
View 6 Replies
View Related
Feb 22, 2012
I have been getting overrun errors on 3 different ASA 5550 HA pairs with traffic rates less than 100Mbps total. I was told by one TAC guy to split the traffic between the two slots so that traffic comes in one and exits the other to maximize throughput because the 5550 was designed to work that way. Another TAC guy told me to enable ethernet flow control to alleviate the overrun errors because the traffic was bursty, but this doesn't seem to address the root cause of the problem to either. TCP traffic is bursty by nature and has it own flow control mechanism. I can't seem to find any detailed info on why traffic needs to be split for 100Mbps when the marketting throughput number is 1.2G. Is this a design flaw or limitation? Is there a way to alleviate overrun errors?
View 25 Replies
View Related
Nov 29, 2012
I need to block 4000 nodes (Ultrasurf, TOR exit nodes) and I've written a script that will ssh and copy in these objects (prob 100 at a time) into an object group and then put a blanket deny. I don't see a flood of traffic (occassional hits every other day, etc) but I was wondering what the impact would be? Can the ASA handle an object group of that size plus an ACL with it? Any way to block incoming connections from TOR/Ultrasurf?
View 1 Replies
View Related
Feb 2, 2012
getting step by step procedure to bring an ASA5550 to factory default setting, so that I can configure it from scratch via ASDM
View 3 Replies
View Related
Mar 4, 2011
Is it possible to establish PBR rules that set the ip next-hop to point directly to the inside interface of the ASA5550?Or, do I need to direct this PBR traffic first to a directly connected router interface and then default route to the ASA?At a high level, here's what we have:
ISP 1 - with /21 IP PrefixNo BGP Routing3845 Edge Router - Default Route to ISP 1PIX535 Firewalls (HA) - Default Route to Edge RouterLAN Core/Distribution - Default Route to PIX535 Inside InterfaceAll applications/services use this egress path for PAT/NAT/DMZ/VPN/Etc.
Here's what we are adding:
ISP 2 - with /24 IP PrefixNo BGP Routing3925E Edge Router - Default Route to ISP 2ASA5550 Firewalls (HA) - Default Route to Edge RouterSame connectivity to LAN Core/Distribution
Goals:Maintain ISP 1 for nowMigrate only end user Internet traffic to ISP 2No disruptions to applications/services using current DefGW to PIX535
Question: how to best use PBR to selectively direct traffic to the ASA inside interface?
View 4 Replies
View Related
Jan 27, 2013
How to schedule automatic Xlate sessions cleaning in ASA5550. I want to clear few global nat sessions manually every week.Is there any way to automate that?
View 1 Replies
View Related
Apr 14, 2013
We have currently install single ASA 5550 and want to install one more ASA for active standby mode, but cisco discontinue or End of sale ASA 5550. can any one guide me ASA 5555X is compatible with ASA5550 on active standby mode or not.
View 2 Replies
View Related
Mar 29, 2013
I have the latest ASDM 7.1(2) & ASA5550 9.0(2). When I try to start Remote Access VPN Wizard, it's just nothing to select in Wizards-VPN Wizards, except "Site-toSite VPN Wizard..."
View 2 Replies
View Related
May 7, 2013
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
View 3 Replies
View Related
Mar 10, 2011
We are looking to implement traffic shaping/policing primarily for P2P traffic. As natively the ASA5550 is only capable of p2p inspection if the traffic is tunneled via port 80 is the AIP-SSM the way forward? We have 2 5550s in active/active failover config. As a side note we are also looking to implement an IDS/IPS system so could this module cover all?Is this module going to provide the desired outcome or is there another module/device out there better suited for this? I would prefer to use the ASA5550s as opposed to implementing another product if only that we can make use of the investment we already made on these devices.
View 1 Replies
View Related
Nov 15, 2011
Recently we have added cisco 6513 switch in ciscoworks which is having ACE30-mod-k9 module in it. now for any events syslog messages are logged in syslog.log file of my ciscoworks server but not reflecting in my ciscoworks portal. i can see the syslog alearts in syslog.log file.also email notifications i m not getting for the same though email credentials are mentioned in SYSLOG automated actions in RME.
View 2 Replies
View Related
Feb 29, 2012
I am trying to figure out why the Device view has no systlogs in Cisco Prime 4.1.I have everything configured, the switch is sending debugging level logs to the IP of the Prime Server. I am fairly certain it is reporting because it has alot of other information in the server.
View 1 Replies
View Related
Aug 12, 2011
I have setup about 16 devices to syslog to LMS4.1 Vmware eval... but I am not recieving any messages at all. I know these devices are generating syslogs to another system but lms doesn't show anything under monitoring / syslog_info.
Is there anything special I need to do to setup LMS4.1 to receive syslog's sent directly to its IP. .e.g. not using an external syslog server but using LMS.
View 8 Replies
View Related
Jun 11, 2012
I would like to create custom reports using the Report Designer (Reports -> Report Designer -> Syslog) and filter certain syslogs from being seen when I run the report like permitted ACL entries, 802.1x successful authentications. It seems like there is only the option of displaying what you want to see, not what you don't want to see.
View 6 Replies
View Related
May 29, 2012
I have installed LMS 3.2 on a Win Server 2008, with 160 GB HDD. But it seems that it is running out of space after some times.So actually we managed to add another server, with a HDD of 500 GB capacity, and maped this HDD as a network drive.Now my question is: is it possible to enable LMS to automatically save all syslogs and collected data from the actual 160 GB HDD, to the new one 500 GB HDD?
View 8 Replies
View Related
Sep 27, 2011
We have configured 20 route in ASA 5520. The CPU usage goes to 100 % at the moment when we add a specific route.route inside 10.254.101.0 255. 255. 255.0 10.254.102.254 1.This is the same case when we add this route at the first cli or as the 10th cli or the 21 cli (errespective of the position of cli) There is an another route out of which 20 routes we have configured is route inside 10.254.103.0 255.255.255.0 10.254.102.254 1.The normal case if we dont add the problamatic route , then the CPU utilization is only 2 %.
View 1 Replies
View Related
May 28, 2011
We have a VPN concentartor which is having few VPN and doing NAT (Static and PAT) as well. One of our customer has added huge number of serves so we have to do hundreds of static and PAT rules.we have really large number of customers which are growing and do so the NAT in VPN concentartor.
I am bit concern and want to know what will be the best way to check that how my VPN concentartor is doing .As we all know its a GUI i try to check few stuff but couldnt get any info.... the model number is 3015.
View 3 Replies
View Related
Jul 6, 2011
I've deployed many Cisco PIX 501 v6.3.3 either as normal firewalling feature and/or with VPN features enabled. I noticed in all my deployments, regardless if it's during peak hours or after office hours, the memory utilization is always consistent 11MB utilized over the total of 16MB(memory default size).
View 3 Replies
View Related
May 21, 2013
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
View 4 Replies
View Related
Mar 10, 2013
I have Active Standby ASA5550 setup with VPN premium license. A few days back we had a requirement of SSL VPN connection for and we got a temporary from Cisco for same, this license expired and the ASA reverted to it's original license. 3 4 days after this we saw a sudden increase in CPU utilization (upto 90% + -5%) on the ASA during production hours but were not able to figure out the reason, in order to restore the services we failovered the firewall to secondary and everything worked fine. We were suspecting one of the following but there were no logs for any of this
1. The ASA hardware was haivng problem
2. Some client was doing a DoS attack to bring down the ASA (no logs for this as well).
We took a downtime to look further by failovering the ASA back to primary and it worked fine without any issues ruling out the 1st option. We also came across a licesing doc [URL]
Downgrading any license (for example, going from 10 contexts to 2 contexts).
# Note If a temporary license expires, and the permanent license is a downgrade, then you do not need to immediately reload the security appliance; the next time you reload, the permanent license is restored.
As per this doc, sooner or later a restart was required on the ASA. We restarted secondary ASA and everthing was fine but when we restarted the primary ASA by swtiching over to secondary some of the server (not all) in the DMZ stopped working (even ICMP unreachable) and only came back to normal when the primary ASA was restored and working fine (with failover).
The reboot was done by shuting down the physical link between the Core switch and ASA inside individually.
I am not sure what could be the issue that the servers in the DMZ wen unreachable.
View 0 Replies
View Related
May 11, 2008
I have a remote site customer with a Cisco ASA 5540 running SSLVPN (Anyconnect)(8.03). It currently only serves about 450 SSLVPN clients. Since last friday, they've seen the CPU utilization go up to high 90% while only serving 400+ remote users. I saw some high cpu utilization bugs, but none looked to be relevant. How I can find the root cause of the CPU high utilization?
View 2 Replies
View Related
Dec 22, 2012
we have ASA 5520 with IOS 8.0 , when i am trying to add more static routes on the inside interface the CPU utilization is going up. one faced the same issue. I am configuring through the cisco ASDM 6.1(3)f.
View 1 Replies
View Related
Aug 9, 2012
I am facing high CPU util on my pix 515 E which is in failover mode.During peak hours the util is see rising to 60% where as in off peak hours it is normally12%.
During normal operation the average utilisation was observed to be 30% but suddenly from 2/3 days it is constantly 60% doule the value as earlier. Have gone through the logs and traffic but not able to tarce anything particular
below is the o/p of some command taken for analysis
IOS version 8.0(4)
sh cpu usage
CPU utilization for 5 seconds = 51%; 1 minute: 61%; 5 minutes: 58%
sh cpu usage
[Code]......
View 1 Replies
View Related
May 2, 2013
I was looking at my CISCO ASA 5520 and i found something really strange
ciscoasa/VPN-context# sh mem detail
Used memory: 4259249568 bytes (793%)
------------- ----------------
Total memory: 536870912 bytes (100%)
but when I look at the system context this is what I see
ciscoasa# sh mem
Free memory: 170829000 bytes (32%)
Used memory: 366041912 bytes (68%)
------------- ----------------
Total memory: 536870912 bytes (100%)
As far as I know the ASA is working good.
Info of the device
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
View 3 Replies
View Related
Nov 21, 2012
Just want to check with you about memory utilization on the Asa 5510 ..
Free memory: 19%
Used Memory: 81%
Is this normal? Because we hade a problem this morning and the memory was at 100%..
Device Manager version 6.1(5) 57
Hardware: ASA5510-K8, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
View 4 Replies
View Related
Sep 25, 2012
I am seeing high cpu utilization on 5520.
fw# sh processes cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
0x081e1e11 0x6ddc1528 70.6% 66.5% 66.0% Dispatch Unit
0x08ed170c 0x6ddb9b48 1.6% 1.7% 1.8% Logger
0x08dd5f2c 0x6ddafee0 1.5% 1.5% 1.5% SNMP Notify Thread
0x08e8d045 0x6dd99348 0.1% 0.1% 0.1% ssh
View 2 Replies
View Related
Feb 22, 2013
Would like to ask for everyones assistance with regards to the problems we are encountering on our PIX525 firewall. Our encountered problem is as follow."PIX 525 experience sudden high CPU utilization every time a Vulnerability System Scan (third part app) is conducted. Based on the previous experiences, the high CPU utilization where experience when a host on a particular VLAN (214) is being scanned. Whenever we removed the said VLAN (214) in the network the CPU utilization of PIX 525 comes back to normal and all connectivity were resumed."The problem just recently appeared, we are conducting vulnerability system scan before and it goes successfully.
View 5 Replies
View Related