Cisco Security :: CSCSSM 20 Module On ASA 5510 Causes 100 Percent Cpu Usage
Aug 13, 2011
I installed a CSC-SSM-20 module on ASA 5510. After policy services have been enabled, services works well for a few minutes, after that the cpu usage's module rise to 100% and all http traffic is wholy blocked, till the cpu usage go down.This happens very frequently and traffic stay blocked for such a long time that it makes the csc-ssm module unusable. It's disabled right now. ASA version is 8.2(1)and CSC-Module version is 6.6.1172.0.
View 1 Replies
ADVERTISEMENT
Apr 7, 2013
whenever I setup URL filtering in 1841 router with policy-map type http and zone-pair command, I experience 100% CPU spike. is there any workaround?
View 1 Replies
View Related
Mar 20, 2013
We are running Cisco 6509-e and we are running load test and when traffic reach 80 mbps switch start reponding very slow. I checked CPU usage and it was using 100% and connection to the switch from outside to inside are 80K. once connection dropp Cisco release CUP and it start responding normal. [code]
View 4 Replies
View Related
Oct 18, 2011
Im running ASA 8.0(3) on Active/StandBy failover pair.Last night I realized the CPU usage of my production ASA was 99%,,, on the ASDM Firewall Dashboard I can see counters like this:
Dropped Packet Rate (ACL Dropped) = 6000+ (more than 6 thousand)
Scanning Attacks = 18600+ (more than Eighteen thousand)
I went on the ASDM and checked the RealTime Log viewer and I have about 30 entries per second of these:
4Oct 19 201111:35:12401004Shunned packet: 10.64.10.1 ==> 10.64.0.1 on interface NewLAN
[code]...
View 1 Replies
View Related
Jul 27, 2011
I have an ASA 5520 with a CSC-SSM modul,the problem is when i am logging in to my ASDM, on the content security monitoring, it's showing the CPU and memory are at 100%(CSC) but when i directly connect csc-ssm MODULE it comes down,so is it problem with ASDM , java OR csc.
View 5 Replies
View Related
Sep 16, 2007
do i still need ACS if i have the NAC appliance say 3310.
View 3 Replies
View Related
Nov 7, 2012
Site-to-site tunnel between 881 router and ASA 5510 don't work stable,When PHASE 2 completed and Ipsec Tunnel has been builded, 881 resend some entities which will increment error counters.
View 1 Replies
View Related
Jan 28, 2013
I have configured an ASA 5510 and 2960S 48 port switch in a lab environment. I have two laptops connected to seperate subinterfaces with server 2003 as dhcp server for one network. Everything has been working fine as we have been testing the ASA while also testing the csc smm module. When we came in today we noticed the csc module cpu is running at 100% constantly and http traffic is extremely slow. I have not yet received my smartnet contracts from the vendor or I would open a TAC case and I have read on the net that this is a common problem.
View 1 Replies
View Related
Jun 30, 2011
What is the best email service that puts a high priority on privacy yet is still easy to use on a daily basis?
View 2 Replies
View Related
May 24, 2012
I seem to get conflicting information on using the Management port as a regular routed interface on the ASA5510..The management interface can be used for the traffic that passes through the firewall as well. The Security Plus License for the ASA 5510 is required in order to use the management0/0 port as a regular interface. With a base license on the 5510, the management0/0 port cannot be used as a regular interface.
I believe that I saw another post that mentioned it was part of the standard IOS if you had a later version.
View 2 Replies
View Related
Aug 8, 2006
ASA 5510 security plus edition will it support active/active failover. and does it support context with securiyt plsu edition. and how many default context do we get with asa 5510 security plus edition.
View 3 Replies
View Related
Jan 28, 2011
I have Cisco ASA 5510 with CSC-SSM-10. ASA anti-virus service can not update the Base and Plus lisense. No Activation Code required for renewal. I go to "Administration> Product License" in the CSC SSM console and click "Check Status Online" to get the latest expiration date.In the module on the Check Status Online has reported the following error when: Base License status could not be checked because of a license server failure. "Please try again later", "Plus License status could not be checked because of a license server failure. Please try again later". UPDATE manual virus database can be seen in the latest available version, can not be upgraded because the service expired.
View 2 Replies
View Related
Dec 13, 2011
One of my client want to upgrade its already installed ASA5540-bun-k9 by adding CSC-20 Module. As per below link CSC-20 is supported with ASA5540. but for any reason the ASA5540 bundle option with CSC Module is not available that create confusion.Will CSC-20 Module work with ASA5540-bun-k9 [URL]
View 2 Replies
View Related
Mar 24, 2011
I am using an ASA5510 and I would like integrate the CSC SSM module in it. What is the Process to upgrade, is it possible and Where I can find it ?
View 1 Replies
View Related
Oct 1, 2012
I have a couple of ASA 5510 firewalls configured and working. I'm now charged with configuring the IPS modules. I'm having to do this remotely. Since the IPS module hasn't been configured I'm guessing it's on 192.168.1.2 with the default username/password.
I'm told that the workstation I access from connects through a switch to the ASA and to the IPS.
I've set the ASA management port to 192.168.1.1. I can't ping 192.168.1.2 - not sure I'm supposed to be able to. In the ASDM, Configure IPS prompts for an IP address. Entering 192.168.1.2 returns "IP address of the management port is unreachable".
View 4 Replies
View Related
Jul 5, 2012
How can I update the expired certificate in AIP-SSM-10 Module using CLI or ASDM.....Here;s the output from the device....and also is there a way I can generate some daily or weekly reports in a graphs.
edge-s2# show versionApplication Partition:
Cisco Intrusion Prevention System, Version 7.0(2)E4
Host: Realm Keys key1.0Signature Definition:Signature Update
[Code].....
View 1 Replies
View Related
Dec 11, 2011
I have requirement received from one of my customer. the part number given as ASA5540-AIP40-K8, same time requesting for addition of another 4Port GE Module (i believe its SSM-4GE Module). Is any option to add this module in to the above specified model (ASA5540-AIP40-K8).
As per my understanding the ASA5540 have the option to add 1 additional module only, so if we AIP-SSM module, we don't have any free slot left with to add another SSM-4GE Module in the firewall.
i am not getting even the option to add SSM-4GE in the ASA5540-AIP40-K8
View 1 Replies
View Related
Aug 15, 2011
As i'm facing the issue with Cisco CSC module installed on ASA 5510, It hangs up and doesnt work sometime, so it is bypassing all the traffic without inspection through CSC module. After restarting ASA 5510 box, it works fine as it used to work. Now, My question is how can i refresh the module again without interrupting the ASA box/ and how can i avoid this problem forever? Because i cant interrupt the daily work due to this module problem by restarting the box again and again.
View 1 Replies
View Related
Oct 29, 2011
I found my CSC module installed in ASA 5510 unresponsive. I tried to recover / re-image the module with .bin file. but I think it is not possible to re-image because there is no rechability with CSC module, and session 1 command also doesn't work,
you can see the response here.
CS-ASA# session 1
Opening command session with slot 1.
Card in slot 1 did not respond to session request.
CS-ASA#
In this case how to enter into the module?
I removed and inserted the module and tried to reach to it .. but couldnt solve . I just wanted to know whether hardware is dead or not.
View 1 Replies
View Related
Mar 9, 2007
how to configure FWSM module in cisco core switch 6500
View 2 Replies
View Related
Feb 1, 2012
I run a website for a local football team using Serif Webplus X6. On uploading the weekly updates of the site the process seems ok for a few minutes with progress bars showing uploading of files but then it all stops and I have to reset my wireless network adaptor 1703 and it continues but I can't just leave it to work on its own. Device manager says that the drivers are up to date but I'm fed up with having to nurse the adaptor. This didn't happen with previous computers.
View 2 Replies
View Related
Apr 3, 2013
however recently when i check my internet usage log on my wireless company (Rogers) the usage is totally off from what my bandwidth tracker shows me. So i decide to turn off my wifi and see what happens, there has always been this weird wifi connection appearing whenever my wifi appears, then afterwards when i turn off my wifi the suspicious wifi connections disappear. is this possible that someone is using our wifi? i might just be overreacting but it has brought me to concern that if the usage continues my family will have to end up paying over $30 for extra internet use. it is very frustrating me because when i check my DHCP client table it only shows 3 connection, ethernet - my desktop which is not turned on, 2 wireless connection - my laptop and my sister's laptop.
View 6 Replies
View Related
Jun 8, 2011
I have installed CSC-SSM-10 on cisco ASA 5520.I am facing two problems
1 : When I send traffic from ASA to SSM module then internet connection becomes slow and sometimes internet session disconnected.
2. When I try to manual update then following erros shows please see attachment .
View 6 Replies
View Related
Feb 29, 2012
I have a 1941 that I am going to deploy with a HWIC-D-9ESW switch module (I only need 3 switch ports but need the PoE). I am going to hang a 1262 autonomous AP off one of the ports but I need to configure MAC address port-security so that only that AP can pass traffic. I know the switch modules are 'almost' exactly like a switch for commands but I can't seem to enable or configure any port-security settings. Is port-security no available on the switch modules?
View 3 Replies
View Related
Nov 19, 2012
I am having a Cisco 4507 switch. The CPU on the switch is running between 50% to 60% constantly. To troubleshoot I collected some logs using debugs & show commands.
debug platform packet all receive buffer
show platform cpu packet buffered
debug platform packet all count
show platform cpu packet statistics
show processes cpu sorted | exc 0.00
show platform health
show platform cpu packet statistics
show platform health output shows the below process crossing the target value.
%CPU %CPU RunTimeMax Priority Average %CPU Total
Target Actual Target Actual Fg Bg 5Sec Min Hour CPU
Stub-JobEventSchedul 10.00 13.41 10 47 100 500 13 13 10 5462:52
K2PortMan Review 3.00 5.35 15 11 100 500 4 4 3 1799:47
What I need to know is, though these process are running in Low Priority, will there be any issue if the CPU goes high due to these process.
View 1 Replies
View Related
Nov 6, 2012
I have just finished installing LMS 4.2 on a new VM (Windows 2008 R2 Standard Edition SP1). I have already reloaded the server, all LMS services have correctly started. However, the process CS_sm_server.exe still using 100% CPU.Windows 2008 R2 Standard Edition SP1
View 6 Replies
View Related
Apr 2, 2013
We have two offices connected using Site-to-Site VPN (IPSEC) as shown:(IP ficticius)Office 1 - We had to use 2 routers since we have a range of valid IPs: From a host in office 2 we normally ping 192.168.102.1 (gateway at office 1),But when pinging a host inside office 1 (eg: 192.168.102.8) 50% of packets have been lost.Could it be a hardware problem?
View 1 Replies
View Related
Jan 3, 2010
I am working at a client site that is an MPLS customer. The customer has an MPLS circuit that runs between their Main HQ and their Disaster Recovery site. I have been asked to analyze and report as well on the way the Qos Policy is written, and to provide any recommendations on how they can improve performance.There is a statement within the Qos Policy as it exists at each end on the 3825 routers. The statement is called "shape average percent". Here is the policy from one side:
policy-map QoS
class COS2_traffic
set dscp af31
shape average percent 12
bandwidth percent 13
[code]....
What does this statement mean and how is it different than the the "bandwidth percent" statement?
View 2 Replies
View Related
Jan 15, 2012
I have two switches that always are with yours CPU in 39 or 40 %. the switches are:
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)
I think it's very strange the CPU always in 39 or 40 %. neither all ports of the switches are busy there are 6 ports free in each switch. 40 % I think it is a high value for CPU maybe because my IOS version 12.0 ?
View 2 Replies
View Related
May 29, 2012
after IOS upgrade to 15.x on Cisco2811 MEM util raised from 20% to 43%. Is it critical?Which level of MEM utilization is critical?
View 6 Replies
View Related
Mar 14, 2013
Whenever i try to download an exe file from the internet, its just get stuck at 99%. It doesn't happen with .rar or any other file. Not to mention, I was able to download net fremwork 4.0 exe installer though. I tried these things: Used different browsers. Used different download managers. Disabled firewall and AV.
View 1 Replies
View Related
Sep 12, 2011
I have ATT DSL and pretty much every night, I lose a large portion of the Internet. I cannot ping these sites, while the rest of the net works fine. The other night, I could not ping major domains like ATT, CNN, MSNBC, BBC (a chronic missing domain). On the other hand, I could get Yahoo fine and go to a streaming audio site and run music perfectly...but about 90% of the Internet was unreachable. Could not load their sites nor ping them in command line. The other 10% worked flawlessly.
View 12 Replies
View Related
Mar 23, 2012
I want to ask for the possibility of configuration below? 2x Cisco ASA 5510 running Multi-Context mode and Active/Active Failover1 Cisco ASA 5510 (ASA 1) has AIP-SSM1 Cisco ASA 5510 (ASA 2) has CSC-SSMThere are 2 contexts, context A and context BASA 1 is the primary firewall for context A, and secondary firewall for context BASA 2 is the primary firewall for context B, and secondary firewall for context A
Can AIP-SSM on ASA 1 inspects traffic of context B which primarily runs on ASA 2?Can CSC-SSM on ASA 2 inspects traffic of context A which primarily runs on ASA 1?
View 2 Replies
View Related
