ASA 5510 slow down internet speed upto 90%

sasikumarnaren84 · ‎11-08-2013

Hi Friends,

From this morning i am facing internet slow down and keep hitting by the below log message, previously we have installed print server under new domain in our network. now we are using 2 active directory domain for migrate from old to new.

Deny udp src outside:67.67.168.158/137 dst inside:webmail/137 by access-group "outside" [0xfd0ffa4a, 0x0]

Deny udp src outside:67.138.235.149/6375 dst inside:webmail/137 by access-group "outside" [0xfd0ffa4a,

Deny udp src outside:67.151.22.146/137 dst inside:webmail/137 by access-group "outside" [0xfd0ffa4a, 0x0]

Deny udp src outside:67.71.202.170/137 dst inside:webmail/137 by access-group "outside" [0xfd0ffa4a, 0x0]

webmail is the public ip for owa.

IDS:2004 ICMP echo request from 198.205.123.232 to outside_if on interface outside

IDS:2004 ICMP echo request from 198.205.123.231 to outside_if on interface outside

IDS:2004 ICMP echo request from 198.205.123.128 to outside_if on interface outside

IDS:2004 ICMP echo request from 198.205.123.228 to outside_if on interface outside

[ Scanning] drop rate-2 exceeded. Current burst rate is 14 per second, max configured rate is 8; Current average rate is 157 p

when i tried to restart the firewall, the internet was working fine for an hour and slow down again.

sasikumarnaren84 · ‎11-13-2013

Hi all,

This problem was occured due to virus attack on webmail server. Tons of traffic was generated from server to outside i/f and we didn't block unnecessary ports from inside to outside. we have solved that issue by block the ports on asa, windows firewall and cleaned the virus.