cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
626
Views
0
Helpful
1
Replies

ASA 5520 sluggish with IPS module and threat detection

admintech
Level 1
Level 1

We have a failover pair of ASA 5520's with IPS modules.  During some recent peak activity periods (ecommerce spikes in traffic), The inspection load on the IPS goes up over 80%.  The proc on the ASA gets smacked at 99+ % and the Dispatch Unit process is doing the heavy hitting.  We've disabled the default threat detection and threat-detection statistics on the ASA, but still see sluggishness.  It doesn't appear to be related directly to number of connections as the sluggishness occurs whether there are 12k or 36k worth of connections.  Is there any optimization that can be done?  Frame size adjustments, etc.?

Thanks

1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

The first thing I would check would be to see if the ASA is getting oversubscribed.

Have a look at http://supportforums.cisco.com/docs/DOC-12439 to see how to approach it.

I hope it helps.

PK

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card