05-29-2015 04:36 PM - edited 03-11-2019 11:01 PM
We have an ASA 5500-X which is working well for every other service, but not for some services that typically use client and server communications.
The users get kicked out at any time during operations and then can't log in again until some time has passed; then it appears to be normal again, while all the other Internet traffic is good with no issues.
I have looked at the interfaces of the firewall and found some overruns on the outside interface, which are incrementing at a low rate; they increase over a day or two.
I also see CPU hogs for a while, although the processing is absolutely under 20% and never goes above 30%. Memory used is mostly about 2 GB out of 12 GB; there is 1 processor with 8 cores.
I tried to enable ASP load balancing, but as it is 9.1.1, I do not see any change, and I did not see any per-packet load balancing on the ASA.
The xlate tables are using multi-session, not per-session. Can this be a cause of whatever I am experiencing? And if I enable per-session, would that not affect the client-server communications, or will it?
All my inside traffic goes outside through one dynamic PAT hide, which I later changed to three other IPs separately, as we have a large number of subnets for each of our sites.
Still I see the same issue: one of the cloud applications felt so slow that it hung for 5 mins and then displayed the requested contents.
Kindly help me out; if any config is required I can paste it for troubleshooting this issue.
Regards
05-29-2015 11:52 PM
Hi,
To start with, I think you should try to isolate this issue on the ASA device.
This can be done initially on the ASA device using the syslog.
This should be seen at the time of the issue.
Also, after this, take captures on the ASA interfaces along with the ASP captures to see if the ASA device is dropping the packets for this connection.
Also, if the packets are being dropped on the interface as overruns, they will not be captured.
Thanks and Regards,
Vibhor Amrodia
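The isolation steps described in the reply above, written out as ASA CLI; this is an added example, not part of the original thread. The addresses 192.0.2.10 (an affected inside client) and 198.51.100.20 (the application server) and the capture names are placeholders, and the interface names `inside` and `outside` are assumed from the posts.

```cisco
! Added example. 192.0.2.10 = affected client, 198.51.100.20 = server (placeholders).
!
! 1. Global configuration mode: buffer syslog at informational level (6) so
!    connection build/teardown messages and their reasons are kept locally.
logging enable
logging timestamp
logging buffered informational
!
! 2. Privileged EXEC mode: zero the ASP drop counters so the next reading
!    reflects only the incident being investigated.
clear asp drop
!
! 3. Capture the affected flow on both sides of the firewall.
!    After dynamic PAT the client no longer appears with its real address on
!    the outside interface, so the outside capture matches on the server only.
capture capin interface inside match ip host 192.0.2.10 host 198.51.100.20
capture capout interface outside match ip any host 198.51.100.20
!
! 4. Capture packets dropped by the accelerated security path, with reasons.
capture asp type asp-drop all
!
! 5. When users report being kicked out, collect the evidence.
show logging | include 198.51.100.20
show capture capin
show capture capout
show capture asp | include 198.51.100.20
show asp drop
!
! 6. Overruns are dropped at the interface before capture, so they appear
!    only in the interface counters. Compare the value before and after.
show interface outside | include overrun
show process cpu-hog
!
! 7. Remove the captures when finished.
no capture capin
no capture capout
no capture asp
```

A packet present in `capin` but missing from `capout`, with a matching entry in the `asp` capture, points to a drop inside the ASA; a packet missing from every capture while the overrun counter rises points to a drop at the interface.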
05-30-2015 12:06 PM
Hey Amrodia, thank you for your response. Please can you help me with a few more details on what to look at?
On the ASA everything is dynamic PAT hide for outside, with multi-session, not per-session.
It's like everything is fine and suddenly only the users that are using client and server communications are having issues or can't log in to that specific server, but they can do all other Internet things. When this happens I see CPU hogs; I see them happening a little time before, like 15 to 30 mins, and then they have to wait until it starts again.
It's version 9.1.1 we are using.
The ASA has 8 cores, but when I enabled ASP load balancing it did not show anything; it was just using core 0.
The underruns are just 53 on the inside interface and the overruns are 611 on the outside interface.
Loads of drops in ASP drop for NetBIOS, ICMP and DNS; it's the inspection that I enabled on the ASA.
All the time the CPU never spikes to more than 28 to 30 and memory used is only 1.5 GB out of 12 GB.
Should I enable syslog 6 on the ASA to see it on Splunk or NetFlow?
Thanks once again for helping.