Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
0
Helpful
1
Replies

ASA 5520 sluggish with IPS module and threat detection

admintech
Level 1
Level 1

‎11-29-2010 09:27 AM - edited ‎03-11-2019 12:15 PM

We have a failover pair of ASA 5520's with IPS modules.  During some recent peak activity periods (ecommerce spikes in traffic), The inspection load on the IPS goes up over 80%.  The proc on the ASA gets smacked at 99+ % and the Dispatch Unit process is doing the heavy hitting.  We've disabled the default threat detection and threat-detection statistics on the ASA, but still see sluggishness.  It doesn't appear to be related directly to number of connections as the sluggishness occurs whether there are 12k or 36k worth of connections.  Is there any optimization that can be done?  Frame size adjustments, etc.?

Thanks

Labels:
0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎11-29-2010 12:09 PM

The first thing I would check would be to see if the ASA is getting oversubscribed.

Have a look at http://supportforums.cisco.com/docs/DOC-12439 to see how to approach it.

I hope it helps.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card