https://community.cisco.com/t5/network-security/asa-high-bps-in-on-outside-interface/m-p/2769478#M166741 <P>A couple of days ago the receiving interface utilization on our ASA's outside interface spiked to over 100 times what's normal. Below are some show commands I ran. I'm not great with firewalls, so any help at all is appreciated.</P><P>&nbsp;</P><P># show traffic<BR />inside:<BR />&nbsp; &nbsp; &nbsp; &nbsp; received (in 157419.900 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 392718 packets &nbsp;79601094 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2 pkts/sec &nbsp; &nbsp; &nbsp;14 bytes/sec<BR />&nbsp; &nbsp; &nbsp; &nbsp; transmitted (in 157419.900 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 218752 packets &nbsp;21963534 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1 pkts/sec &nbsp; &nbsp; &nbsp;3 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute input rate 2 pkts/sec, &nbsp;240 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute output rate 1 pkts/sec, &nbsp;103 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute drop rate, 0 pkts/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute input rate 5 pkts/sec, &nbsp;1137 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute output rate 3 pkts/sec, &nbsp;332 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute drop rate, 1 pkts/sec</P><P>outside:<BR />&nbsp; &nbsp; &nbsp; &nbsp; received (in 157419.930 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 204561925 packets &nbsp; &nbsp; &nbsp; 9440820414 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1026 pkts/sec &nbsp; 59017 bytes/sec<BR />&nbsp; &nbsp; &nbsp; &nbsp; transmitted (in 157419.930 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 278947 packets &nbsp;94372148 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1 pkts/sec &nbsp; &nbsp; &nbsp;26 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute input rate 732 pkts/sec, &nbsp;33832 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute output rate 1 pkts/sec, &nbsp;234 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute drop rate, 319 pkts/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute input rate 937 pkts/sec, &nbsp;43566 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute output rate 4 pkts/sec, &nbsp;1320 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute drop rate, 474 pkts/sec</P><P>&nbsp;</P><P># show resource usage<BR />Resource &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Current &nbsp; &nbsp; &nbsp; &nbsp; Peak &nbsp; &nbsp; &nbsp;Limit &nbsp; &nbsp; &nbsp; &nbsp;Denied Context<BR />SSH &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;3 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Syslogs [rate] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1 &nbsp; &nbsp; &nbsp; &nbsp; 3081 &nbsp; &nbsp; &nbsp; &nbsp;N/A &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Conns &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;39 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 67 &nbsp; &nbsp; &nbsp;10000 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Xlates &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;8 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;8 &nbsp; &nbsp; &nbsp; &nbsp;N/A &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Hosts &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;12 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 14 &nbsp; &nbsp; &nbsp; &nbsp;N/A &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System</P><P>&nbsp;</P><P>&nbsp;</P><P># show inter out det<BR />Interface Vlan2 "outside", is up, line protocol is up<BR />&nbsp; Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec<BR />&nbsp; &nbsp; &nbsp; &nbsp; MAC address c471.fe4a.2062, MTU 1500<BR />&nbsp; &nbsp; &nbsp; &nbsp; IP address 74.213.161.150, subnet mask 255.255.255.240<BR />&nbsp; Traffic Statistics for "outside":<BR />&nbsp; &nbsp; &nbsp; &nbsp; 203719444 packets input, 9401777193 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; 275162 packets output, 93454007 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; 119693306 packets dropped<BR />&nbsp; &nbsp; &nbsp; 1 minute input rate 716 pkts/sec, &nbsp;33133 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute output rate 1 pkts/sec, &nbsp;271 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute drop rate, 302 pkts/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute input rate 803 pkts/sec, &nbsp;37282 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute output rate 3 pkts/sec, &nbsp;1046 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute drop rate, 340 pkts/sec<BR />&nbsp; Control Point Interface States:<BR />&nbsp; &nbsp; &nbsp; &nbsp; Interface number is 16<BR />&nbsp; &nbsp; &nbsp; &nbsp; Interface config status is active<BR />&nbsp; &nbsp; &nbsp; &nbsp; Interface state is active</P><P>&nbsp;</P><P># show asp drop</P><P>Frame drop:<BR />&nbsp; Punt rate limit exceeded (punt-rate-limit) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 119827225<BR />&nbsp; Flow is denied by configured rule (acl-drop) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 14638<BR />&nbsp; Invalid SPI (np-sp-invalid-spi) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;180<BR />&nbsp; First TCP packet not SYN (tcp-not-syn) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 114<BR />&nbsp; TCP RST/FIN out of order (tcp-rstfin-ooo) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;8<BR />&nbsp; TCP RST/SYN in window (tcp-rst-syn-in-win) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3<BR />&nbsp; IPSEC tunnel is down (ipsec-tun-down) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;109<BR />&nbsp; Slowpath security checks failed (sp-security-failed) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 64076<BR />&nbsp; Interface is down (interface-down) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2<BR />&nbsp; Non-IP packet received in routed mode (non-ip-pkt-in-routed-mode) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1<BR />&nbsp; Dropped pending packets in a closed socket (np-socket-closed) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 13</P><P>Last clearing: Never</P><P>Flow drop:<BR />&nbsp; Need to start IKE negotiation (need-ike) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;56<BR />&nbsp; Inspection failure (inspect-fail) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3072</P><P>Last clearing: Never</P> Tue, 12 Mar 2019 06:46:11 GMT esa_fresa 2019-03-12T06:46:11Z https://community.cisco.com/t5/network-security/asa-high-bps-in-on-outside-interface/m-p/2769478#M166741 <P>A couple of days ago the receiving interface utilization on our ASA's outside interface spiked to over 100 times what's normal. Below are some show commands I ran. I'm not great with firewalls, so any help at all is appreciated.</P><P>&nbsp;</P><P># show traffic<BR />inside:<BR />&nbsp; &nbsp; &nbsp; &nbsp; received (in 157419.900 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 392718 packets &nbsp;79601094 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2 pkts/sec &nbsp; &nbsp; &nbsp;14 bytes/sec<BR />&nbsp; &nbsp; &nbsp; &nbsp; transmitted (in 157419.900 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 218752 packets &nbsp;21963534 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1 pkts/sec &nbsp; &nbsp; &nbsp;3 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute input rate 2 pkts/sec, &nbsp;240 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute output rate 1 pkts/sec, &nbsp;103 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute drop rate, 0 pkts/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute input rate 5 pkts/sec, &nbsp;1137 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute output rate 3 pkts/sec, &nbsp;332 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute drop rate, 1 pkts/sec</P><P>outside:<BR />&nbsp; &nbsp; &nbsp; &nbsp; received (in 157419.930 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 204561925 packets &nbsp; &nbsp; &nbsp; 9440820414 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1026 pkts/sec &nbsp; 59017 bytes/sec<BR />&nbsp; &nbsp; &nbsp; &nbsp; transmitted (in 157419.930 secs):<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 278947 packets &nbsp;94372148 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1 pkts/sec &nbsp; &nbsp; &nbsp;26 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute input rate 732 pkts/sec, &nbsp;33832 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute output rate 1 pkts/sec, &nbsp;234 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute drop rate, 319 pkts/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute input rate 937 pkts/sec, &nbsp;43566 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute output rate 4 pkts/sec, &nbsp;1320 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute drop rate, 474 pkts/sec</P><P>&nbsp;</P><P># show resource usage<BR />Resource &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Current &nbsp; &nbsp; &nbsp; &nbsp; Peak &nbsp; &nbsp; &nbsp;Limit &nbsp; &nbsp; &nbsp; &nbsp;Denied Context<BR />SSH &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;3 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Syslogs [rate] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1 &nbsp; &nbsp; &nbsp; &nbsp; 3081 &nbsp; &nbsp; &nbsp; &nbsp;N/A &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Conns &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;39 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 67 &nbsp; &nbsp; &nbsp;10000 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Xlates &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;8 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;8 &nbsp; &nbsp; &nbsp; &nbsp;N/A &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System<BR />Hosts &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;12 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 14 &nbsp; &nbsp; &nbsp; &nbsp;N/A &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 System</P><P>&nbsp;</P><P>&nbsp;</P><P># show inter out det<BR />Interface Vlan2 "outside", is up, line protocol is up<BR />&nbsp; Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec<BR />&nbsp; &nbsp; &nbsp; &nbsp; MAC address c471.fe4a.2062, MTU 1500<BR />&nbsp; &nbsp; &nbsp; &nbsp; IP address 74.213.161.150, subnet mask 255.255.255.240<BR />&nbsp; Traffic Statistics for "outside":<BR />&nbsp; &nbsp; &nbsp; &nbsp; 203719444 packets input, 9401777193 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; 275162 packets output, 93454007 bytes<BR />&nbsp; &nbsp; &nbsp; &nbsp; 119693306 packets dropped<BR />&nbsp; &nbsp; &nbsp; 1 minute input rate 716 pkts/sec, &nbsp;33133 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute output rate 1 pkts/sec, &nbsp;271 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 1 minute drop rate, 302 pkts/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute input rate 803 pkts/sec, &nbsp;37282 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute output rate 3 pkts/sec, &nbsp;1046 bytes/sec<BR />&nbsp; &nbsp; &nbsp; 5 minute drop rate, 340 pkts/sec<BR />&nbsp; Control Point Interface States:<BR />&nbsp; &nbsp; &nbsp; &nbsp; Interface number is 16<BR />&nbsp; &nbsp; &nbsp; &nbsp; Interface config status is active<BR />&nbsp; &nbsp; &nbsp; &nbsp; Interface state is active</P><P>&nbsp;</P><P># show asp drop</P><P>Frame drop:<BR />&nbsp; Punt rate limit exceeded (punt-rate-limit) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 119827225<BR />&nbsp; Flow is denied by configured rule (acl-drop) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 14638<BR />&nbsp; Invalid SPI (np-sp-invalid-spi) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;180<BR />&nbsp; First TCP packet not SYN (tcp-not-syn) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 114<BR />&nbsp; TCP RST/FIN out of order (tcp-rstfin-ooo) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;8<BR />&nbsp; TCP RST/SYN in window (tcp-rst-syn-in-win) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3<BR />&nbsp; IPSEC tunnel is down (ipsec-tun-down) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;109<BR />&nbsp; Slowpath security checks failed (sp-security-failed) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 64076<BR />&nbsp; Interface is down (interface-down) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2<BR />&nbsp; Non-IP packet received in routed mode (non-ip-pkt-in-routed-mode) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1<BR />&nbsp; Dropped pending packets in a closed socket (np-socket-closed) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 13</P><P>Last clearing: Never</P><P>Flow drop:<BR />&nbsp; Need to start IKE negotiation (need-ike) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;56<BR />&nbsp; Inspection failure (inspect-fail) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3072</P><P>Last clearing: Never</P> Tue, 12 Mar 2019 06:46:11 GMT https://community.cisco.com/t5/network-security/asa-high-bps-in-on-outside-interface/m-p/2769478#M166741 esa_fresa 2019-03-12T06:46:11Z https://community.cisco.com/t5/network-security/asa-high-bps-in-on-outside-interface/m-p/2769479#M166742 <P>Hello,</P><P>&nbsp;</P><P>You can use enable threat detection from ASDM and enable top 10 source/destinations, this will provide you IP addresses that are sending most of the traffic through the ASA:</P><P>&nbsp;</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/protect_threat.html#wp1104293</P><P>&nbsp;</P><P>Also it will be good to see the stats for outside physical interface, if it's an ASA5505 you can do "show interface fa&nbsp;0/0"</P><P>&nbsp;</P><P>Maybe check any new traffic that could be passing through the ASA.</P><P>&nbsp;</P><P>Regards,</P><P>Harvey</P><P>&nbsp;</P> Sat, 24 Oct 2015 23:36:35 GMT https://community.cisco.com/t5/network-security/asa-high-bps-in-on-outside-interface/m-p/2769479#M166742 Harvey 2015-10-24T23:36:35Z