I have a really strange problem with a Cisco Firepower 2110 and a Firepower 2140:
FP 2110 is just configured as classic ASA-VPN-Appliance
FP 2140 is just configured as classic ASA-Firewall-System (with about 15 Subnets, 1200 endpoints)
The FP 2140 as firewall works well with a load between 2-5%.
When I connect the FP 2110 via a Layer 3 interface with a small subnet (netmask 255.255.255.240), the CPU load goes up on both machines, even though the ASA-VPN-Appliance isn't in production yet!
When I connect the VPN-Appliance (2110) to my 6500 Core-Router (same netmask), everything is fine with the CPU load.
Really magic; until now I haven't found anything at Cisco or got an answer from Cisco.
Is there anyone with the same problem?
It is hard to say what could be causing your issue from the information that you provided here. It could be a routing loop, software defect, etc. Have you opened a support case with TAC?
Thank you for rating helpful posts!
I was off work for a week.
I think it is not a routing loop, because it is really simple.
I also contacted the TAC, but they haven't delivered a solution for that problem (with the necessary information - show tech-support etc.)
We had a 99% and spontaneous reboots issue, solved by TAC today. We removed the command to permit traffic flow between same security level interfaces:
no same-security-traffic permit intra-interface
Our management1/1 and inside interfaces were both security level 100 and unnecessary traffic was flowing between them.
Additionally, we had found the day before that our queues were filling up with NETBIOS traffic, so we removed that inspection from the default policy-map.