Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3641
Views
9
Helpful
7
Replies

Internet Connection Became Slow after Introduction of Cisco ASA 5505 to the Network

Moule Ayalew
Level 1
Level 1

‎11-25-2013 05:05 AM - edited ‎03-11-2019 08:09 PM

I configured a Cisco ASA 5505 (Version Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

in transparent firewall mode and inserted after Cisco 1700 router. However, the internet connection became very slow and users are compaining that they cannot load any pages.

My setup looks like:

Internet --> Cisco 1700 --> Cisco ASA 5505 --> LAN

The license information is:

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
VPN Peers                   : 10
WebVPN Peers                : 2
Dual ISPs                   : Disabled
VLAN Trunk Ports            : 0

This platform has a Base license.

The flash activation key is the SAME as the running key.

My running-config looks like:

ASA Version 7.2(3)

!

firewall transparent

hostname ciscoasa

domain-name default.domain.invalid

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface Vlan1

nameif inside

security-level 100

no shut

!

interface Vlan2

nameif outside

security-level 0

no shut

!

interface Ethernet0/0

switchport access vlan 2

no shut

!

interface Ethernet0/1

no shut

!

interface Ethernet0/2

no shut

!

interface Ethernet0/3

no shut

!

interface Ethernet0/4

no shut

!

interface Ethernet0/5

no shut

!

interface Ethernet0/6

no shut

!

interface Ethernet0/7

no shut

!

passwd 2KFQnbNIdI.2KYOU encrypted

regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"

regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh]) HTTP/1.[01]"

regex urllist3 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]"

regex urllist4 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"

regex domainlist1 "\.facebook\.com"

regex domainlist2 "\.diretube\.com"

regex domainlist3 "\.youtube\.com"

regex domainlist4 "\.vimeo\.com"

regex applicationheader "application/.*"

regex contenttype "Content-Type"

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

access-list outside_in extended permit ip any any

access-list inside_mpc extended permit tcp any any eq www

access-list inside_mpc extended permit tcp any any eq 8080

pager lines 24

mtu outside 1500

mtu inside 1500

ip address 192.168.1.254 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

access-group outside_in in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map type regex match-any DomainBlockList

match regex domainlist1

match regex domainlist2

match regex domainlist3

match regex domainlist4

class-map type inspect http match-all BlockDomainsClass

match request header host regex class DomainBlockList

class-map type regex match-any URLBlockList

match regex urllist1

match regex urllist2

match regex urllist3

match regex urllist4

class-map inspection_default

match default-inspection-traffic

class-map type inspect http match-all AppHeaderClass

match response header regex contenttype regex applicationheader

class-map httptraffic

match access-list inside_mpc

class-map type inspect http match-all BlockURLsClass

match request uri regex class URLBlockList

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map type inspect http http_inspection_policy

parameters

  protocol-violation action drop-connection

class AppHeaderClass

  drop-connection log

match request method connect

  drop-connection log

class BlockDomainsClass

  reset log

class BlockURLsClass

  reset log

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

policy-map inside-policy

class httptraffic

  inspect http http_inspection_policy

!

service-policy global_policy global

service-policy inside-policy interface inside

prompt hostname context

Cryptochecksum:8ab1a53df6ae3c202aee236d6080edfd

: end

Could the slow internet connection be due to license limitations? Or is there something wrong with my configuration?

Please see the configuration and help.

Thanks

Labels:
0 Helpful
7 Replies 7

jumora
Level 7
Level 7

‎11-25-2013 05:08 AM

show tech would be the first thing I need,, the running configuration does not give interface statistics. Then we need logs

Value our effort and rate the assistance!

Value our effort and rate the assistance!

Moule Ayalew
Level 1
Level 1
In response to jumora

‎11-25-2013 10:42 PM

Dear Jumora,

Please see my sh tech-support below:

ciscoasa# sh tech

ciscoasa# sh tech-support

Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

System image file is "disk0:/asa723-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 2 days 9 hours

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2

                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0    : address is 001f.9ee8.ffa2, irq 11

1: Ext: Ethernet0/0         : address is 001f.9ee8.ff9a, irq 255

2: Ext: Ethernet0/1         : address is 001f.9ee8.ff9b, irq 255

3: Ext: Ethernet0/2         : address is 001f.9ee8.ff9c, irq 255

4: Ext: Ethernet0/3         : address is 001f.9ee8.ff9d, irq 255

5: Ext: Ethernet0/4         : address is 001f.9ee8.ff9e, irq 255

6: Ext: Ethernet0/5         : address is 001f.9ee8.ff9f, irq 255

7: Ext: Ethernet0/6         : address is 001f.9ee8.ffa0, irq 255

8: Ext: Ethernet0/7         : address is 001f.9ee8.ffa1, irq 255

9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255

Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs                       : 3, DMZ Restricted

Inside Hosts                : Unlimited

Failover                    : Disabled

VPN-DES                     : Enabled

VPN-3DES-AES                : Enabled

VPN Peers                   : 10

WebVPN Peers                : 2

Dual ISPs                   : Disabled

VLAN Trunk Ports            : 0

This platform has a Base license.

Configuration register is 0x1

Configuration last modified by enable_15 at 22:14:39.130 UTC Sun Nov 24 2013

------------------ show clock ------------------

03:48:57.311 UTC Mon Nov 25 2013

------------------ show memory ------------------

Free memory:       200320224 bytes (75%)

Used memory:        68115232 bytes (25%)

-------------     ----------------

Total memory:      268435456 bytes (100%)

------------------ show conn count ------------------

0 in use, 1906 most used

------------------ show xlate count ------------------

0 in use, 0 most used

------------------ show blocks ------------------

  SIZE    MAX    LOW    CNT

     0    100     85    100

     4    300    299    299

    80    100     83    100

   256    100     95    100

  1550   6174   6166   6174

  2048   1124    573    616

  4096      1      0      1

------------------ show blocks queue history detail ------------------

History buffer memory usage: 2136 bytes (default)

------------------ show interface ------------------

Interface Internal-Data0/0 "", is up, line protocol is up

  Hardware is y88acs06, BW 1000 Mbps

        (Full-duplex), (1000 Mbps)

        MAC address 001f.9ee8.ffa2, MTU not set

        IP address unassigned

        17079962 packets input, 8558482951 bytes, 0 no buffer

        Received 494604 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops, 0 demux drops

        15959953 packets output, 7372263743 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops

        input queue (curr/max packets): hardware (4/0) software (0/0)

        output queue (curr/max packets): hardware (0/48) software (0/0)

  Control Point Interface States:

        Interface number is unassigned

Interface Internal-Data0/1 "", is administratively down, line protocol is up

  Hardware is 88E6095, BW 1000 Mbps

        (Full-duplex), (1000 Mbps)

        MAC address 0000.0003.0002, MTU not set

        IP address unassigned

        15959953 packets input, 7372263743 bytes, 0 no buffer

        Received 471127 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        3 switch ingress policy drops

        17079962 packets output, 8558482951 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Loopback0 "_internal_loopback", is up, line protocol is up

  Hardware is Virtual   MAC address 0000.0000.0000, MTU 1500

        IP address 127.1.0.1, subnet mask 255.255.0.0

  Traffic Statistics for "_internal_loopback":

        1 packets input, 28 bytes

        1 packets output, 28 bytes

        1 packets dropped

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

  Control Point Interface States:

        Interface number is 28

        Interface config status is active

        Interface state is active

Interface Vlan1 "inside", is down, line protocol is down

  Hardware is EtherSVI

        MAC address 001f.9ee8.ffa2, MTU 1500

        IP address 192.168.1.254, subnet mask 255.255.255.0

  Traffic Statistics for "inside":

        8490260 packets input, 1658489960 bytes

        7610299 packets output, 5405779613 bytes

        658431 packets dropped

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

  Control Point Interface States:

        Interface number is 1

        Interface config status is active

        Interface state is not active

Interface Vlan2 "outside", is down, line protocol is down

  Hardware is EtherSVI

        MAC address 001f.9ee8.ffa3, MTU 1500

        IP address 192.168.1.254, subnet mask 255.255.255.0

  Traffic Statistics for "outside":

        8589688 packets input, 6502943636 bytes

        8349654 packets output, 1608210058 bytes

        1003306 packets dropped

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

  Control Point Interface States:

        Interface number is 2

        Interface config status is active

        Interface state is not active

Interface Ethernet0/0 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ff9a, MTU not set

        IP address unassigned

        8589695 packets input, 6663872896 bytes, 0 no buffer

        Received 22 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        8349605 packets output, 1773664373 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Ethernet0/1 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ff9b, MTU not set

        IP address unassigned

        364235 packets input, 58888172 bytes, 0 no buffer

        Received 4118 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        1398286 packets output, 201492407 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Ethernet0/2 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ff9c, MTU not set

        IP address unassigned

        6068983 packets input, 913041132 bytes, 0 no buffer

        Received 482223 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        5164437 packets output, 3844765234 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Ethernet0/3 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ff9d, MTU not set

        IP address unassigned

        2112882 packets input, 858333938 bytes, 0 no buffer

        Received 8280 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        3231916 packets output, 1740272873 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Ethernet0/4 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ff9e, MTU not set

        IP address unassigned

        0 packets input, 0 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        0 packets output, 0 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Ethernet0/5 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ff9f, MTU not set

        IP address unassigned

        0 packets input, 0 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        0 packets output, 0 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Ethernet0/6 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ffa0, MTU not set

        IP address unassigned

        0 packets input, 0 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        0 packets output, 0 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

Interface Ethernet0/7 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

        Auto-Duplex, Auto-Speed

        Available but not configured via nameif

        MAC address 001f.9ee8.ffa1, MTU not set

        IP address unassigned

        0 packets input, 0 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 switch ingress policy drops

        0 packets output, 0 bytes, 0 underruns

        0 output errors, 0 collisions, 0 interface resets

        0 babbles, 0 late collisions, 0 deferred

        0 lost carrier, 0 no carrier

        0 rate limit drops

        0 switch egress policy drops

  Control Point Interface States:

        Interface number is unassigned

------------------ show cpu usage ------------------

CPU utilization for 5 seconds = 12%; 1 minute: 9%; 5 minutes: 9%

------------------ show cpu hogging process ------------------

Process:      Dispatch Unit, NUMHOG: 1, MAXHOG: 132, LASTHOG: 140

LASTHOG At:   18:45:00 UTC Nov 22 2013

PC:           107cb1c

Traceback:    adce9d  1072fa6  8bcf69  8bee5d  8bf553  302a8f  3030a5

              2fad69  7674bf  75ca16  c6251d  c62a4c  c62f6c  75c653

------------------ show process ------------------

    PC       SP       STATE       Runtime    SBASE     Stack Process

Mwe 00c9bb24 01bb8700 013e3250          0 01733fc8 15616/16384 emweb/cifs

Lwe 001072ac 0176f9c4 013e32d0          0 0176d9f0 8132/8192 block_diag

Mrd 00223a67 01783d5c 013e33b0     447020 0177be18 25752/32768 Dispatch Unit

Msi 00f82847 01b07b84 013e3250        764 01b05bc0 7984/8192 y88acs06 OneSec Thread

Mwe 0011b1a5 01b09cfc 013e3250          0 01b07d88 7864/8192 Reload Control Thread

Mwe 00120606 01b1260c 013e5258          0 01b10988 7256/8192 aaa

Mwe 001486aa 01b19404 013e5ae8          0 01b15450 16020/16384 CMGR Server Process

Mwe 0014c3c5 01b1b4d4 013e3250          0 01b19570 7968/8192 CMGR Timer Process

Lwe 002227a1 01b239b4 013ee360          0 01b219f0 7524/8192 dbgtrace

Mwe 004e1ba5 01b29c34 013e3250        151 01b27d50 6448/8192 eswilp_svi_init

Mwe 01064b1d 01b4a7f4 013e3250          0 01b48890 7848/8192 Chunk Manager

Msi 008b61b6 01b52d54 013e3250        776 01b50da0 7856/8192 PIX Garbage Collector

Lsi 00ecb6ac 01b54e94 013e3250         48 01b52ec0 7552/8192 route_process

Mwe 008a5ddc 01b5dc04 0133b430          0 01b5bc40 8116/8192 IP Address Assign

Mwe 00acb779 01b60604 01346e10          0 01b5e640 8116/8192 QoS Support Module

Mwe 0091eba9 01b6275c 0133c530          0 01b60798 8116/8192 Client Update Task

Lwe 01083c8e 01b656d4 013e3250     494522 01b63770 7828/8192 Checkheaps

Mwe 00acfd7d 01b6b824 013e3250        608 01b69ad0 3460/8192 Quack process

Mwe 00b2a260 01b6dad4 013e3250         87 01b6bbf0 7364/8192 Session Manager

Mwe 00c55efd 01b78564 031d0478          4 01b74a50 14768/16384 uauth

Mwe 00be3c9e 01b7aaec 0135c010          0 01b78b28 7524/8192 Uauth_Proxy

Mwe 00c52759 01b80e0c 01361770          0 01b7ee88 7712/8192 SMTP

Mwe 00c3f7b9 01b82eec 01361710          0 01b80fa8 7412/8192 Logger

Mwe 00c3fd26 01b8502c 013e3250          0 01b830c8 7492/8192 Thread Logger

Mwe 00f62272 01b9596c 013ac520          0 01b939c8 7188/8192 vpnlb_thread

Msi 00b4097c 01c598c4 013e3250        674 01c578f0 8000/8192 emweb/cifs_timer

Msi 005bd338 017a909c 013e3250     101644 017a7108 7344/8192 arp_timer

Mwe 005c76bc 01b486e4 013fba50      32544 01b46770 7348/8192 arp_forward_thread

Mwe 00c5a919 023fa5fc 013619e0          0 023f8648 7968/8192 tcp_fast

Mwe 00c5a6e5 023fc624 013619e0          0 023fa670 7968/8192 tcp_slow

Mwe 00c754d1 0240d42c 013628a0          0 0240b478 8100/8192 udp_timer

Mwe 0019cb17 01b404a4 013e3250          0 01b3e530 7984/8192 CTCP Timer process

Mwe 00efe8b3 0308c15c 013e3250          0 0308a208 7952/8192 L2TP data daemon

Mwe 00efef23 0308e194 013e3250          0 0308c230 7968/8192 L2TP mgmt daemon

Mwe 00eea02b 030c62ac 013a5c10        143 030c2338 16180/16384 ppp_timer_thread

Msi 00f62d57 030c82f4 013e3250        970 030c6360 7936/8192 vpnlb_timer_thread

Mwe 001b96e6 01b7cbbc 01b1e9c8          1 01b7ac48 7728/8192 IPsec message handler

Msi 001c9bac 01b8d4dc 013e3250      11025 01b8b548 7604/8192 CTM message handler

Mwe 00af93b8 031465b4 013e3250          0 03144640 7984/8192 ICMP event handler

Mwe 00831003 0314a724 013e3250       1713 031467b0 14684/16384 IP Background

Mwe 0021b267 031a83c4 013123c0         38 03188450 123488/131072 tmatch compile thread

Mwe 009f2405 03290044 013e3250          0 0328c0c0 16072/16384 Crypto PKI RECV

Mwe 009f305a 03294144 013e3250          0 032901e0 16040/16384 Crypto CA

Mwe 0064d4fd 01b3e24c 013e3250         71 01b3c2f8 7508/8192 ESW_MRVL switch interrupt service

Msi 00646f5c 032c134c 013e3250   12332945 032bf448 7184/8192 esw_stats

Lsi 008cbb80 032dc704 013e3250         13 032da730 8000/8192 uauth_urlb clean

Lwe 008afee7 034a0914 013e3250        765 0349e9b0 6636/8192 pm_timer_thread

Mwe 0052f0bf 034a35ac 013e3250          0 034a1648 7968/8192 IKE Timekeeper

Mwe 00520f6b 034a8adc 0132e2b0          0 034a4e38 15448/16384 IKE Daemon

Mwe 00bf5c78 034ac7ac 01360680          0 034aa7f8 8100/8192 RADIUS Proxy Event Daemon

Mwe 00bc32de 034ae79c 034dcbe0          1 034ac918 7208/8192 RADIUS Proxy Listener

Mwe 00bf5e0f 034b099c 013e3250          0 034aea38 7968/8192 RADIUS Proxy Time Keeper

Mwe 005aac4c 034b3154 013fb980          0 034b1250 7492/8192 Integrity FW Task

M*  008550a5 0009fefc 013e33b0       3800 034e3b20 25416/32768 ci/console

Msi 008eb694 034ed9d4 013e3250       9213 034ebc40 6176/8192 update_cpu_usage

Msi 008e6415 034f7dac 013e3250       4165 034f5eb8 5468/8192 NIC status poll

Mwe 005b63e6 03517d1c 013fbd10       3372 03515d78 7644/8192 IP Thread

Mwe 005becbe 03519e4c 013fbcb0        183 03517e98 7384/8192 ARP Thread

Mwe 004c2b36 0351befc 013fbae0          0 03519fe8 6264/8192 icmp_thread

Mwe 00c7722e 0351e06c 013e3250          0 0351c108 7848/8192 udp_thread

Mwe 00c5d126 0352008c 013fbd00          0 0351e228 7688/8192 tcp_thread

Mwe 00bc32de 03a6984c 03a5d320          1 03a679d8 7512/8192 EAPoUDP-sock

Mwe 00266c15 03a6b634 013e3250          0 03a69a00 7032/8192 EAPoUDP

Mwe 005a6728 034fc05c 013e3250          0 034fa0f8 7968/8192 Integrity Fw Timer Thread

-     -        -         -     192323603    -         -     scheduler

-     -        -         -     205779986    -         -     total elapsed

------------------ show failover ------------------

ERROR: Command requires failover license

------------------ show traffic ------------------

inside:

        received (in 206579.610 secs):

                8490260 packets 1658489960 bytes

                20 pkts/sec     8007 bytes/sec

        transmitted (in 206579.610 secs):

                7610299 packets 5405779613 bytes

                16 pkts/sec     26001 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

outside:

        received (in 206579.610 secs):

                8589688 packets 6502943636 bytes

                20 pkts/sec     31000 bytes/sec

        transmitted (in 206579.610 secs):

                8349654 packets 1608210058 bytes

                19 pkts/sec     7015 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

_internal_loopback:

        received (in 206581.000 secs):

                1 packets       28 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 206581.000 secs):

                1 packets       28 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

----------------------------------------

Aggregated Traffic on Physical Interface

----------------------------------------

Ethernet0/0:

        received (in 206582.530 secs):

                8589695 packets 6663872896 bytes

                20 pkts/sec     32008 bytes/sec

        transmitted (in 206582.530 secs):

                8349605 packets 1773664373 bytes

                19 pkts/sec     8003 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/1:

        received (in 206582.530 secs):

                364235 packets  58888172 bytes

                1 pkts/sec      14 bytes/sec

        transmitted (in 206582.530 secs):

                1398286 packets 201492407 bytes

                6 pkts/sec      18 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/2:

        received (in 206593.380 secs):

                6068983 packets 913041132 bytes

                8 pkts/sec      4003 bytes/sec

        transmitted (in 206593.380 secs):

                5164437 packets 3844765234 bytes

                4 pkts/sec      18007 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/3:

        received (in 206593.380 secs):

                2112882 packets 858333938 bytes

                10 pkts/sec     4009 bytes/sec

        transmitted (in 206593.380 secs):

                3231916 packets 1740272873 bytes

                15 pkts/sec     8007 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/4:

        received (in 206594.260 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 206594.260 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/5:

        received (in 206594.260 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 206594.260 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/6:

        received (in 206594.470 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 206594.470 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/7:

        received (in 206594.470 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

        transmitted (in 206594.470 secs):

                0 packets       0 bytes

                0 pkts/sec      0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Data0/0:

        received (in 206594.670 secs):

                17079962 packets        8558482951 bytes

                20 pkts/sec     41010 bytes/sec

        transmitted (in 206594.670 secs):

                15959953 packets        7372263743 bytes

                14 pkts/sec     35019 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Data0/1:

        received (in 206594.670 secs):

                15959953 packets        7372263743 bytes

                14 pkts/sec     35019 bytes/sec

        transmitted (in 206594.670 secs):

                17079962 packets        8558482951 bytes

                20 pkts/sec     41010 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

------------------ show perfmon ------------------

PERFMON STATS:    Current      Average

Xlates               0/s          0/s

Connections          0/s          4/s

TCP Conns            0/s          3/s

UDP Conns            0/s          0/s

URL Access           0/s          0/s

URL Server Req       0/s          0/s

TCP Fixup            0/s         20/s

TCP Intercept        0/s          0/s

HTTP Fixup           0/s          0/s

FTP Fixup            0/s          0/s

AAA Authen           0/s          0/s

AAA Author           0/s          0/s

AAA Account          0/s          0/s

------------------ show counters ------------------

Protocol     Counter                     Value   Context

IP           IN_PKTS                  265330   Summary

IP           OUT_PKTS                 263336   Summary

IP           TO_ARP                     3393   Summary

IP           TO_ICMP                       3   Summary

ICMP         IN_PKTS                       3   Summary

ICMP         OUT_PKTS                      2   Summary

------------------ show history ------------------

  sh activation-key

  This platform has a Base license.

  sh

  sh version

  sh interface detail

  sh run

  sh interface vlan 1

  sh activation-key

  sh run

  conf t

  no service-policy global

  no service-policy global_policy global

  int vlan 1

  exit

  int e0/0

  end

  sh run

  sh tech-support

------------------ show firewall ------------------

Firewall mode: Transparent

------------------ show running-config ------------------

: Saved

:

ASA Version 7.2(3)

!

firewall transparent

hostname ciscoasa

domain-name default.domain.invalid

enable password

names

!

interface Vlan1

nameif inside

security-level 100

!

interface Vlan2

nameif outside

security-level 0

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd

regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"

regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh]) HTTP/1.[01]"

regex urllist3 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]"

regex urllist4 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"

regex domainlist1 "\.facebook\.com"

regex domainlist2 "\.diretube\.com"

regex domainlist3 "\.youtube\.com"

regex domainlist4 "\.vimeo\.com"

regex applicationheader "application/.*"

regex contenttype "Content-Type"

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

access-list outside_in extended permit ip any any

access-list inside_mpc extended permit tcp any any eq www

access-list inside_mpc extended permit tcp any any eq 8080

pager lines 24

mtu inside 1500

mtu outside 1500

ip address 192.168.1.254 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-523.bin

no asdm history enable

arp timeout 14400

access-group outside_in in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map type regex match-any DomainBlockList

match regex domainlist1

match regex domainlist2

match regex domainlist3

match regex domainlist4

class-map type inspect http match-all BlockDomainsClass

match request header host regex class DomainBlockList

class-map type regex match-any URLBlockList

match regex urllist1

match regex urllist2

match regex urllist3

match regex urllist4

class-map inspection_default

match default-inspection-traffic

class-map type inspect http match-all AppHeaderClass

match response header regex contenttype regex applicationheader

class-map httptraffic

match access-list inside_mpc

class-map type inspect http match-all BlockURLsClass

match request uri regex class URLBlockList

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map type inspect http http_inspection_policy

parameters

  protocol-violation action drop-connection

class AppHeaderClass

  drop-connection log

match request method connect

  drop-connection log

class BlockDomainsClass

  reset log

class BlockURLsClass

  reset log

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

policy-map inside-policy

class httptraffic

  inspect http http_inspection_policy

!

service-policy inside-policy interface inside

prompt hostname context

Cryptochecksum:a50f933fb4c939892d57a774e499cf91

: end

------------------ show startup-config errors ------------------

INFO: No configuration errors

------------------ console logs ------------------

Message #1 : Message #2 : Message #3 : Message #4 : Message #5 : Message #6 : Message #7 : Message #8 : Message #9 : Message #10 : Message #11 : Message #12 : Message #13 : Message #14 :

Total SSMs found: 0

Message #15 :

Total NICs found: 10

Message #16 : 88E6095 rev 2 Gigabit Ethernet @ index 09Message #17 :  MAC: 0000.0003.0002

Message #18 : 88E6095 rev 2 Ethernet @ index 08Message #19 :  MAC: 001f.9ee8.ffa1

Message #20 : 88E6095 rev 2 Ethernet @ index 07Message #21 :  MAC: 001f.9ee8.ffa0

Message #22 : 88E6095 rev 2 Ethernet @ index 06Message #23 :  MAC: 001f.9ee8.ff9f

Message #24 : 88E6095 rev 2 Ethernet @ index 05Message #25 :  MAC: 001f.9ee8.ff9e

Message #26 : 88E6095 rev 2 Ethernet @ index 04Message #27 :  MAC: 001f.9ee8.ff9d

Message #28 : 88E6095 rev 2 Ethernet @ index 03Message #29 :  MAC: 001f.9ee8.ff9c

Message #30 : 88E6095 rev 2 Ethernet @ index 02Message #31 :  MAC: 001f.9ee8.ff9b

Message #32 : 88E6095 rev 2 Ethernet @ index 01Message #33 :  MAC: 001f.9ee8.ff9a

Message #34 : y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 001f.9ee8.ffa2

Message #35 :

Licensed features for this platform:

Message #36 : Maximum Physical Interfaces : 8

Message #37 : VLANs                       : 3, DMZ Restricted

Message #38 : Inside Hosts                : Unlimited

Message #39 : Failover                    : Disabled

Message #40 : VPN-DES                     : Enabled

Message #41 : VPN-3DES-AES                : Enabled

Message #42 : VPN Peers                   : 10

Message #43 : WebVPN Peers                : 2

Message #44 : Dual ISPs                   : Disabled

Message #45 : VLAN Trunk Ports            : 0

Message #46 :

This platform has a Base license.

Message #47 :

Message #48 : Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Message #49 :                              Boot microcode   : CNlite-MC-Boot-Cisco-1.2

Message #50 :                              SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

Message #51 :                              IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

Message #52 :   --------------------------------------------------------------------------

Message #53 :                                  .            .

Message #54 :                                  |            |

Message #55 :                                 |||          |||

Message #56 :                               .|| ||.      .|| ||.

Message #57 :                            .:||| | |||:..:||| | |||:.

Message #58 :                             C i s c o  S y s t e m s

Message #59 :   --------------------------------------------------------------------------

Message #60 :

Cisco Adaptive Security Appliance Software Version 7.2(3)

Message #61 :

Message #62 :   ****************************** Warning *******************************

Message #63 :   This product contains cryptographic features and is

Message #64 :   subject to United States and local country laws

Message #65 :   governing, import, export, transfer, and use.

Message #66 :   Delivery of Cisco cryptographic products does not

Message #67 :   imply third-party authority to import, export,

Message #68 :   distribute, or use encryption. Importers, exporters,

Message #69 :   distributors and users are responsible for compliance

Message #70 :   with U.S. and local country laws. By using this

Message #71 :   product you agree to comply with applicable laws and

Message #72 :   regulations. If you are unable to comply with U.S.

Message #73 :   and local laws, return the enclosed items immediately.

Message #74 :

Message #75 :   A summary of U.S. laws governing Cisco cryptographic

Message #76 :   products may be found at:

Message #77 :   http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Message #78 :

Message #79 :   If you require further assistance please contact us by

Message #80 :   sending email to export@cisco.com.

Message #81 :   ******************************* Warning *******************************

Message #82 :

Message #83 : Copyright (c) 1996-2007 by Cisco Systems, Inc.

Message #84 :                 Restricted Rights Legend

Message #85 : Use, duplication, or disclosure by the Government is

Message #86 : subject to restrictions as set forth in subparagraph

Message #87 : (c) of the Commercial Computer Software - Restricted

Message #88 : Rights clause at FAR sec. 52.227-19 and subparagraph

Message #89 : (c) (1) (ii) of the Rights in Technical Data and Computer

Message #90 : Software clause at DFARS sec. 252.227-7013.

Message #91 :                 Cisco Systems, Inc.

Message #92 :                 170 West Tasman Drive

Message #93 :                 San Jose, California 95134-1706

0 Helpful

jumora
Level 7
Level 7
In response to Moule Ayalew

‎11-26-2013 06:57 AM


The outputs don´t tell me much because the interfaces are disconnected, there are a couple of bugs on 7.2.3 that kill device forwarding traffic but not related to network degradation, meaning you would need to connect the device and we would need to troubleshoot.

Value our effort and rate the assistance!

Value our effort and rate the assistance!

Moule Ayalew
Level 1
Level 1
In response to jumora

‎11-26-2013 11:34 PM

I have re-configured the ASA 5505 yesterday and so far it's working fine. I am not sure if the problem will re-appear later on. Anyways here is my sh tech-support

ciscoasa# sh tech-support

Cisco Adaptive Security Appliance Software Version 7.2(3)

Device Manager Version 5.2(3)

Compiled on Wed 15-Aug-07 16:08 by builders

System image file is "disk0:/asa723-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 14 hours 16 mins

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2

                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0    : address is 001f.9ee8.ffa2, irq 11

1: Ext: Ethernet0/0         : address is 001f.9ee8.ff9a, irq 255

2: Ext: Ethernet0/1         : address is 001f.9ee8.ff9b, irq 255

3: Ext: Ethernet0/2         : address is 001f.9ee8.ff9c, irq 255

4: Ext: Ethernet0/3         : address is 001f.9ee8.ff9d, irq 255

5: Ext: Ethernet0/4         : address is 001f.9ee8.ff9e, irq 255

6: Ext: Ethernet0/5         : address is 001f.9ee8.ff9f, irq 255

<--- More --->

7: Ext: Ethernet0/6         : address is 001f.9ee8.ffa0, irq 255

8: Ext: Ethernet0/7         : address is 001f.9ee8.ffa1, irq 255

9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255

Licensed features for this platform:

Maximum Physical Interfaces : 8        

VLANs                       : 3, DMZ Restricted

Inside Hosts                : Unlimited

Failover                    : Disabled

VPN-DES                     : Enabled  

VPN-3DES-AES                : Enabled  

VPN Peers                   : 10       

WebVPN Peers                : 2        

Dual ISPs                   : Disabled 

VLAN Trunk Ports            : 0        

This platform has a Base license.

Serial Number: JMX1211Z2N4

Running Activation Key: 0xaf0ed046 0xbcf18ebf 0x80b38508 0xba785cc0 0x05250493

Configuration register is 0x1

Configuration has not been modified since last system restart.

<--- More --->

------------------ show clock ------------------

18:32:58.254 UTC Tue Nov 26 2013

------------------ show memory ------------------

Free memory:       199837144 bytes (74%)

Used memory:        68598312 bytes (26%)

-------------     ----------------

Total memory:      268435456 bytes (100%)

------------------ show conn count ------------------

1041 in use, 2469 most used

------------------ show xlate count ------------------

0 in use, 0 most used

------------------ show blocks ------------------

  SIZE    MAX    LOW    CNT

     0    100     68    100

<--- More --->

     4    300    299    299

    80    100     92    100

   256    100     94    100

  1550   6174   6166   6174

  2048   1124    551    612

------------------ show blocks queue history detail ------------------

History buffer memory usage: 2136 bytes (default)

------------------ show interface ------------------

Interface Internal-Data0/0 "", is up, line protocol is up

  Hardware is y88acs06, BW 1000 Mbps

(Full-duplex), (1000 Mbps)

MAC address 001f.9ee8.ffa2, MTU not set

IP address unassigned

18491855 packets input, 11769262614 bytes, 0 no buffer

Received 213772 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops, 0 demux drops

18185861 packets output, 11626494317 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 late collisions, 0 deferred

<--- More --->

0 input reset drops, 0 output reset drops

input queue (curr/max packets): hardware (0/0) software (0/0)

output queue (curr/max packets): hardware (0/55) software (0/0)

  Control Point Interface States:

Interface number is unassigned

Interface Internal-Data0/1 "", is administratively down, line protocol is up

  Hardware is 88E6095, BW 1000 Mbps

(Full-duplex), (1000 Mbps)

MAC address 0000.0003.0002, MTU not set

IP address unassigned

18184216 packets input, 11625360131 bytes, 0 no buffer

Received 206655 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 switch ingress policy drops

18490057 packets output, 11768078777 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

Interface Loopback0 "_internal_loopback", is up, line protocol is up

  Hardware is VirtualMAC address 0000.0000.0000, MTU 1500

IP address 127.1.0.1, subnet mask 255.255.0.0

<--- More --->

  Traffic Statistics for "_internal_loopback":

1 packets input, 28 bytes

1 packets output, 28 bytes

1 packets dropped

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

  Control Point Interface States:

Interface number is 28

Interface config status is active

Interface state is active

Interface Vlan1 "inside", is up, line protocol is up

  Hardware is EtherSVI

MAC address 001f.9ee8.ffa2, MTU 1500

IP address 192.168.1.254, subnet mask 255.255.255.0

  Traffic Statistics for "inside":

7742275 packets input, 903584114 bytes

10645034 packets output, 10347291114 bytes

184883 packets dropped

      1 minute input rate 320 pkts/sec,  35404 bytes/sec

      1 minute output rate 325 pkts/sec,  313317 bytes/sec

<--- More --->

      1 minute drop rate, 17 pkts/sec

      5 minute input rate 399 pkts/sec,  59676 bytes/sec

      5 minute output rate 483 pkts/sec,  503200 bytes/sec

      5 minute drop rate, 9 pkts/sec

  Control Point Interface States:

Interface number is 1

Interface config status is active

Interface state is active

Interface Vlan2 "outside", is up, line protocol is up

  Hardware is EtherSVI

MAC address 001f.9ee8.ffa3, MTU 1500

IP address 192.168.1.254, subnet mask 255.255.255.0

  Traffic Statistics for "outside":

10750090 packets input, 10432619059 bytes

7541331 packets output, 870613684 bytes

109911 packets dropped

      1 minute input rate 328 pkts/sec,  313770 bytes/sec

      1 minute output rate 301 pkts/sec,  32459 bytes/sec

      1 minute drop rate, 2 pkts/sec

      5 minute input rate 485 pkts/sec,  503789 bytes/sec

      5 minute output rate 387 pkts/sec,  57681 bytes/sec

      5 minute drop rate, 2 pkts/sec

  Control Point Interface States:

Interface number is 2

<--- More --->

Interface config status is active

Interface state is active

Interface Ethernet0/0 "", is up, line protocol is up

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

Available but not configured via nameif

MAC address 001f.9ee8.ff9a, MTU not set

IP address unassigned

10749794 packets input, 10630700889 bytes, 0 no buffer

Received 2506 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

3 switch ingress policy drops

7541070 packets output, 1028190148 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

Interface Ethernet0/1 "", is up, line protocol is up

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

<--- More --->

Available but not configured via nameif

MAC address 001f.9ee8.ff9b, MTU not set

IP address unassigned

7741977 packets input, 1064586806 bytes, 0 no buffer

Received 211282 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 switch ingress policy drops

10644663 packets output, 10543362751 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

Interface Ethernet0/2 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex, Auto-Speed

Available but not configured via nameif

MAC address 001f.9ee8.ff9c, MTU not set

IP address unassigned

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

<--- More --->

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 switch ingress policy drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

Interface Ethernet0/3 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex, Auto-Speed

Available but not configured via nameif

MAC address 001f.9ee8.ff9d, MTU not set

IP address unassigned

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 switch ingress policy drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

<--- More --->

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

Interface Ethernet0/4 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex, Auto-Speed

Available but not configured via nameif

MAC address 001f.9ee8.ff9e, MTU not set

IP address unassigned

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 switch ingress policy drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

<--- More --->

Interface number is unassigned

Interface Ethernet0/5 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex, Auto-Speed

Available but not configured via nameif

MAC address 001f.9ee8.ff9f, MTU not set

IP address unassigned

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 switch ingress policy drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

Interface Ethernet0/6 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex, Auto-Speed

Available but not configured via nameif

<--- More --->

MAC address 001f.9ee8.ffa0, MTU not set

IP address unassigned

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

0 switch ingress policy drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

Interface Ethernet0/7 "", is down, line protocol is down

  Hardware is 88E6095, BW 100 Mbps

Auto-Duplex, Auto-Speed

Available but not configured via nameif

MAC address 001f.9ee8.ffa1, MTU not set

IP address unassigned

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

<--- More --->

0 L2 decode drops

0 switch ingress policy drops

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

  Control Point Interface States:

Interface number is unassigned

------------------ show cpu usage ------------------

CPU utilization for 5 seconds = 12%; 1 minute: 11%; 5 minutes: 11%

------------------ show cpu hogging process ------------------

Process:      Dispatch Unit, NUMHOG: 1, MAXHOG: 133, LASTHOG: 140

LASTHOG At:   04:45:59 UTC Nov 26 2013

PC:           8be0f7

Traceback:    8bed19  8bf553  302b87  3030a5  2fad69  7674bf  75ca16

              c6251d  c62a4c  c62f6c  75c653  767820  797f64  769c85

<--- More --->

------------------ show process ------------------

    PC       SP       STATE       Runtime    SBASE     Stack Process

Mwe 00c9bb24 01bb8700 013e3250          0 01733fc8 15616/16384 emweb/cifs

Lwe 001072ac 0176f9c4 013e32d0          0 0176d9f0 8132/8192 block_diag

Mrd 00223a67 01783d5c 013e33b0     314854 0177be18 25752/32768 Dispatch Unit

Msi 00f82847 01b07b84 013e3250        229 01b05bc0 7984/8192 y88acs06 OneSec Thread

Mwe 0011b1a5 01b09cfc 013e3250          0 01b07d88 7864/8192 Reload Control Thread

Mwe 00120606 01b1260c 013e5258          0 01b10988 7256/8192 aaa

Mwe 001486aa 01b19404 013e5ae8          0 01b15450 16020/16384 CMGR Server Process

Mwe 0014c3c5 01b1b4d4 013e3250          0 01b19570 7968/8192 CMGR Timer Process

Lwe 002227a1 01b239b4 013ee360          0 01b219f0 7524/8192 dbgtrace

Mwe 004e1ba5 01b29c34 013e3250        157 01b27d50 6436/8192 eswilp_svi_init

Mwe 01064b1d 01b4a7f4 013e3250          0 01b48890 7848/8192 Chunk Manager

Msi 008b61b6 01b52d54 013e3250        230 01b50da0 7856/8192 PIX Garbage Collector

Lsi 00ecb6ac 01b54e94 013e3250         12 01b52ec0 7552/8192 route_process

Mwe 008a5ddc 01b5dc04 0133b430          0 01b5bc40 8116/8192 IP Address Assign

Mwe 00acb779 01b60604 01346e10          0 01b5e640 8116/8192 QoS Support Module

Mwe 0091eba9 01b6275c 0133c530          0 01b60798 8116/8192 Client Update Task

Lwe 01083c8e 01b656d4 013e3250     123088 01b63770 7840/8192 Checkheaps

Mwe 00acfd7d 01b6b824 013e3250        623 01b69ad0 3476/8192 Quack process

Mwe 00b2a260 01b6dad4 013e3250         22 01b6bbf0 7364/8192 Session Manager

Mwe 00c55efd 01b78564 031d0478          4 01b74a50 14768/16384 uauth

<--- More --->

Mwe 00be3c9e 01b7aaec 0135c010          0 01b78b28 7524/8192 Uauth_Proxy

Mwe 00c52759 01b80e0c 01361770          0 01b7ee88 7712/8192 SMTP

Mwe 00c3f7b9 01b82eec 01361710          0 01b80fa8 7412/8192 Logger

Mwe 00c3fd26 01b8502c 013e3250          0 01b830c8 7492/8192 Thread Logger

Mwe 00f62272 01b9596c 013ac520          0 01b939c8 7188/8192 vpnlb_thread

Msi 00b4097c 01c598c4 013e3250        190 01c578f0 8000/8192 emweb/cifs_timer

Msi 005bd338 017a909c 013e3250      25855 017a7108 7412/8192 arp_timer

Mwe 005c76bc 01b486e4 013fba50      20643 01b46770 7348/8192 arp_forward_thread

Mwe 00c5a919 023fa5fc 013619e0          0 023f8648 7968/8192 tcp_fast

Mwe 00c5a6e5 023fc624 013619e0          0 023fa670 7968/8192 tcp_slow

Mwe 00c754d1 0240d42c 013628a0          0 0240b478 8100/8192 udp_timer

Mwe 0019cb17 01b404a4 013e3250          0 01b3e530 7984/8192 CTCP Timer process

Mwe 00efe8b3 0308c15c 013e3250          0 0308a208 7952/8192 L2TP data daemon

Mwe 00efef23 0308e194 013e3250          0 0308c230 7968/8192 L2TP mgmt daemon

Mwe 00eea02b 030c62ac 013a5c10         43 030c2338 16244/16384 ppp_timer_thread

Msi 00f62d57 030c82f4 013e3250        264 030c6360 7924/8192 vpnlb_timer_thread

Mwe 001b96e6 01b7cbbc 01b1e9c8          1 01b7ac48 7728/8192 IPsec message handler

Msi 001c9bac 01b8d4dc 013e3250       2917 01b8b548 7648/8192 CTM message handler

Mwe 00af93b8 031465b4 013e3250          0 03144640 7984/8192 ICMP event handler

Mwe 00831003 0314a724 013e3250        387 031467b0 16100/16384 IP Background

Mwe 0021b267 031a83c4 013123c0         31 03188450 123488/131072 tmatch compile thread

Mwe 009f2405 03290044 013e3250          0 0328c0c0 16072/16384 Crypto PKI RECV

Mwe 009f305a 03294144 013e3250          0 032901e0 16040/16384 Crypto CA

Mwe 0064d4fd 01b3e24c 013e3250          8 01b3c2f8 7508/8192 ESW_MRVL switch interrupt service

<--- More --->

Msi 00646f5c 032c134c 013e3250    3059378 032bf448 7184/8192 esw_stats

Lsi 008cbb80 032dc704 013e3250          3 032da730 7908/8192 uauth_urlb clean

Lwe 008afee7 034a0914 013e3250        197 0349e9b0 6636/8192 pm_timer_thread

Mwe 0052f0bf 034a35ac 013e3250          0 034a1648 7968/8192 IKE Timekeeper

Mwe 00520f6b 034a8adc 0132e2b0          0 034a4e38 15448/16384 IKE Daemon

Mwe 00bf5c78 034ac7ac 01360680          0 034aa7f8 8100/8192 RADIUS Proxy Event Daemon

Mwe 00bc32de 034ae79c 034dcbe0          0 034ac918 7208/8192 RADIUS Proxy Listener

Mwe 00bf5e0f 034b099c 013e3250          0 034aea38 7968/8192 RADIUS Proxy Time Keeper

Mwe 005aac4c 034b3154 013fb980          0 034b1250 7492/8192 Integrity FW Task

M*  008550a5 0009fefc 013e33b0       3183 034e3b20 24896/32768 ci/console

Msi 008eb694 034ed9d4 013e3250       2370 034ebc40 6176/8192 update_cpu_usage

Msi 008e6415 034f7dac 013e3250       1096 034f5eb8 6124/8192 NIC status poll

Mwe 005b63e6 03517d1c 013fbd10       1963 03515d78 7636/8192 IP Thread

Mwe 005becbe 03519e4c 013fbcb0          3 03517e98 7384/8192 ARP Thread

Mwe 004c2b36 0351befc 013fbae0          0 03519fe8 7864/8192 icmp_thread

Mwe 00c7722e 0351e06c 013e3250          0 0351c108 7848/8192 udp_thread

Mwe 00c5d126 0352008c 013fbd00          0 0351e228 7688/8192 tcp_thread

Mwe 00bc32de 03a6982c 03a5ee18          0 03a679b8 7512/8192 EAPoUDP-sock

Mwe 00266c15 03a6b614 013e3250          0 03a699e0 7032/8192 EAPoUDP

Mwe 005a6728 01b27b94 013e3250          0 01b25c30 7968/8192 Integrity Fw Timer Thread

-     -        -         -      47686621    -         -     scheduler

-     -        -         -      51253819    -         -     total elapsed

------------------ show failover ------------------

<--- More --->

ERROR: Command requires failover license

------------------ show traffic ------------------

inside:

received (in 51429.740 secs):

7749585 packets905087345 bytes

67 pkts/sec17013 bytes/sec

transmitted (in 51429.740 secs):

10653162 packets10355908020 bytes

40 pkts/sec201026 bytes/sec

      1 minute input rate 412 pkts/sec,  51803 bytes/sec

      1 minute output rate 475 pkts/sec,  522952 bytes/sec

      1 minute drop rate, 24 pkts/sec

      5 minute input rate 399 pkts/sec,  59676 bytes/sec

      5 minute output rate 483 pkts/sec,  503200 bytes/sec

      5 minute drop rate, 9 pkts/sec

outside:

received (in 51430.240 secs):

10758403 packets10441440193 bytes

42 pkts/sec203021 bytes/sec

transmitted (in 51430.240 secs):

7548339 packets872053854 bytes

<--- More --->

63 pkts/sec16037 bytes/sec

      1 minute input rate 479 pkts/sec,  523680 bytes/sec

      1 minute output rate 387 pkts/sec,  46796 bytes/sec

      1 minute drop rate, 3 pkts/sec

      5 minute input rate 485 pkts/sec,  503789 bytes/sec

      5 minute output rate 387 pkts/sec,  57681 bytes/sec

      5 minute drop rate, 2 pkts/sec

_internal_loopback:

received (in 51430.740 secs):

1 packets28 bytes

0 pkts/sec0 bytes/sec

transmitted (in 51430.740 secs):

1 packets28 bytes

0 pkts/sec0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

----------------------------------------

Aggregated Traffic on Physical Interface

----------------------------------------

<--- More --->

Ethernet0/0:

received (in 51431.740 secs):

10758462 packets10640075825 bytes

42 pkts/sec206042 bytes/sec

transmitted (in 51431.740 secs):

7548383 packets1029818127 bytes

63 pkts/sec20023 bytes/sec

      1 minute input rate 485 pkts/sec,  537048 bytes/sec

      1 minute output rate 395 pkts/sec,  54546 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 485 pkts/sec,  511723 bytes/sec

      5 minute output rate 387 pkts/sec,  65495 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/1:

received (in 51433.570 secs):

7749780 packets1066328930 bytes

67 pkts/sec20064 bytes/sec

transmitted (in 51433.570 secs):

10653359 packets10552787020 bytes

40 pkts/sec205006 bytes/sec

      1 minute input rate 419 pkts/sec,  59621 bytes/sec

      1 minute output rate 480 pkts/sec,  533950 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 399 pkts/sec,  67618 bytes/sec

<--- More --->

      5 minute output rate 482 pkts/sec,  511073 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/2:

received (in 51434.730 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

transmitted (in 51434.730 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/3:

received (in 51434.730 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

transmitted (in 51434.730 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

<--- More --->

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/4:

received (in 51434.870 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

transmitted (in 51434.870 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/5:

received (in 51434.870 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

transmitted (in 51434.870 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

<--- More --->

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/6:

received (in 51435.010 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

transmitted (in 51435.010 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Ethernet0/7:

received (in 51435.010 secs):

0 packets0 bytes

0 pkts/sec0 bytes/sec

transmitted (in 51435.010 secs):

<--- More --->

0 packets0 bytes

0 pkts/sec0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Data0/0:

received (in 51435.510 secs):

18513901 packets11784250044 bytes

25 pkts/sec229023 bytes/sec

transmitted (in 51435.510 secs):

18207269 packets11641332179 bytes

19 pkts/sec226078 bytes/sec

      1 minute input rate 891 pkts/sec,  595715 bytes/sec

      1 minute output rate 863 pkts/sec,  588935 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 885 pkts/sec,  584035 bytes/sec

      5 minute output rate 870 pkts/sec,  580393 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Data0/1:

received (in 51436.010 secs):

18207323 packets11641364184 bytes

<--- More --->

19 pkts/sec226076 bytes/sec

transmitted (in 51436.010 secs):

18513954 packets11784281987 bytes

25 pkts/sec229022 bytes/sec

      1 minute input rate 855 pkts/sec,  575808 bytes/sec

      1 minute output rate 884 pkts/sec,  582339 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 869 pkts/sec,  578350 bytes/sec

      5 minute output rate 883 pkts/sec,  581924 bytes/sec

      5 minute drop rate, 0 pkts/sec

------------------ show perfmon ------------------

PERFMON STATS:    Current      Average

Xlates               0/s          0/s

Connections         17/s          6/s

TCP Conns            8/s          2/s

UDP Conns            7/s          2/s

URL Access           0/s          0/s

URL Server Req       0/s          0/s

TCP Fixup            0/s          0/s

TCP Intercept        0/s          0/s

HTTP Fixup           0/s          0/s

<--- More --->

FTP Fixup            0/s          0/s

AAA Authen           0/s          0/s

AAA Author           0/s          0/s

AAA Account          0/s          0/s

------------------ show counters ------------------

Protocol     Counter                     Value   Context

IP           IN_PKTS                  168960   Summary

IP           OUT_PKTS                 169304   Summary

IP           TO_ARP                       61   Summary

------------------ show history ------------------

------------------ show firewall ------------------

Firewall mode: Transparent

------------------ show running-config ------------------

<--- More --->

: Saved

:

ASA Version 7.2(3)

!

firewall transparent

hostname ciscoasa

enable password

names

!

interface Vlan1

nameif inside

security-level 100

!

interface Vlan2

nameif outside

security-level 0

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

<--- More --->

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd

regex domain1 ".facebook\.com"

regex domain2 ".fb\.com"

regex domain3 ".youtube\.com"

ftp mode passive

access-list ACL_IN extended permit ip any any

pager lines 24

mtu inside 1500

mtu outside 1500

ip address 192.168.1.254 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-523.bin

no asdm history enable

<--- More --->

arp timeout 14400

access-group ACL_IN in interface outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map type regex match-any DomainBlockList

match regex domain1

match regex domain2

match regex domain3

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

<--- More --->

  message-length maximum 512

match domain-name regex class DomainBlockList

  drop-connection log

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:bb5115ea1d14ee42e7961ef0c9aaed86

: end

<--- More --->

------------------ show startup-config errors ------------------

INFO: No configuration errors

------------------ console logs ------------------

Message #1 : Message #2 : Message #3 : Message #4 : Message #5 : Message #6 : Message #7 : Message #8 : Message #9 : Message #10 : Message #11 : Message #12 : Message #13 : Message #14 :

Total SSMs found: 0

Message #15 :

Total NICs found: 10

Message #16 : 88E6095 rev 2 Gigabit Ethernet @ index 09Message #17 :  MAC: 0000.0003.0002

Message #18 : 88E6095 rev 2 Ethernet @ index 08Message #19 :  MAC: 001f.9ee8.ffa1

Message #20 : 88E6095 rev 2 Ethernet @ index 07Message #21 :  MAC: 001f.9ee8.ffa0

Message #22 : 88E6095 rev 2 Ethernet @ index 06Message #23 :  MAC: 001f.9ee8.ff9f

Message #24 : 88E6095 rev 2 Ethernet @ index 05Message #25 :  MAC: 001f.9ee8.ff9e

Message #26 : 88E6095 rev 2 Ethernet @ index 04Message #27 :  MAC: 001f.9ee8.ff9d

Message #28 : 88E6095 rev 2 Ethernet @ index 03Message #29 :  MAC: 001f.9ee8.ff9c

Message #30 : 88E6095 rev 2 Ethernet @ index 02Message #31 :  MAC: 001f.9ee8.ff9b

Message #32 : 88E6095 rev 2 Ethernet @ index 01Message #33 :  MAC: 001f.9ee8.ff9a

Message #34 : y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 001f.9ee8.ffa2

Message #35 :

Licensed features for this platform:

Message #36 : Maximum Physical Interfaces : 8        

<--- More --->

Message #37 : VLANs                       : 3, DMZ Restricted

Message #38 : Inside Hosts                : Unlimited

Message #39 : Failover                    : Disabled

Message #40 : VPN-DES                     : Enabled  

Message #41 : VPN-3DES-AES                : Enabled  

Message #42 : VPN Peers                   : 10       

Message #43 : WebVPN Peers                : 2        

Message #44 : Dual ISPs                   : Disabled 

Message #45 : VLAN Trunk Ports            : 0        

Message #46 :

This platform has a Base license.

Message #47 :

Message #48 : Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Message #49 :                              Boot microcode   : CNlite-MC-Boot-Cisco-1.2

Message #50 :                              SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

Message #51 :                              IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

Message #52 :   --------------------------------------------------------------------------

Message #53 :                                  .            .                            

Message #54 :                                  |            |                            

Message #55 :                                 |||          |||                           

Message #56 :                               .|| ||.      .|| ||.                         

Message #57 :                            .:||| | |||:..:||| | |||:.                      

Message #58 :                             C i s c o  S y s t e m s                       

Message #59 :   --------------------------------------------------------------------------

<--- More --->

Message #60 :

Cisco Adaptive Security Appliance Software Version 7.2(3)

Message #61 :

Message #62 :   ****************************** Warning *******************************

Message #63 :   This product contains cryptographic features and is

Message #64 :   subject to United States and local country laws

Message #65 :   governing, import, export, transfer, and use.

Message #66 :   Delivery of Cisco cryptographic products does not

Message #67 :   imply third-party authority to import, export,

Message #68 :   distribute, or use encryption. Importers, exporters,

Message #69 :   distributors and users are responsible for compliance

Message #70 :   with U.S. and local country laws. By using this

Message #71 :   product you agree to comply with applicable laws and

Message #72 :   regulations. If you are unable to comply with U.S.

Message #73 :   and local laws, return the enclosed items immediately.

Message #74 :

Message #75 :   A summary of U.S. laws governing Cisco cryptographic

Message #76 :   products may be found at:

Message #77 :   http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Message #78 :

Message #79 :   If you require further assistance please contact us by

Message #80 :   sending email to export@cisco.com.

Message #81 :   ******************************* Warning *******************************

Message #82 :

<--- More --->

Message #83 : Copyright (c) 1996-2007 by Cisco Systems, Inc.

Message #84 :                 Restricted Rights Legend

Message #85 : Use, duplication, or disclosure by the Government is

Message #86 : subject to restrictions as set forth in subparagraph

Message #87 : (c) of the Commercial Computer Software - Restricted

Message #88 : Rights clause at FAR sec. 52.227-19 and subparagraph

Message #89 : (c) (1) (ii) of the Rights in Technical Data and Computer

Message #90 : Software clause at DFARS sec. 252.227-7013.

Message #91 :                 Cisco Systems, Inc.

Message #92 :                 170 West Tasman Drive

Message #93 :                 San Jose, California 95134-1706

ciscoasa#   

0 Helpful

jumora
Level 7
Level 7
In response to Moule Ayalew

‎11-28-2013 09:10 AM

Upgrade to 8.2.5 you should be able then to enable a feature called threat-detection that helps us analyze who is the top talker on the network which protocol is most used and the amount of bytes transmitted to a specific destination.

ASA Threat Detection Functionality and Configuration

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bd3913.shtml

Value our effort and rate the assistance!

Value our effort and rate the assistance!

jumora
Level 7
Level 7
In response to Moule Ayalew

‎12-01-2013 08:13 PM

Do you need anything else, do you have any comments??

Value our effort and rate the assistance!

Value our effort and rate the assistance!
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎12-01-2013 10:09 PM

Hello Moule,

I have something to add

Can you remove the L7 policy inspection for the HTTP protocol???

How to:

no service-policy inside-policy interface inside

Afterwards clear the local-host table and try?

how to

clear local-host

Then try and let us know

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card