cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2583
Views
0
Helpful
13
Replies

Cisco ASA 5520 High CPU usage | nat-no-xlate-to-pat-pool

Neji Jihed
Level 1
Level 1

Hello,

Our Cisco ASA 5520 firewall is running with 99% CPU, Processes Dispatch Unit is using over 90 % of CPU, and capture is showing below drop reason :

 

Drop-reason: (nat-no-xlate-to-pat-pool) Connection to PAT address without pre-existing xlate


firewall(config)# show processes cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
0x082a430c 0x6edd4ee4 98.5% 98.5% 97.8% Dispatch Unit
0x0911063d 0x6edad768 0.2% 0.2% 0.4% ssh
0x082be9da 0x6edcb07c 0.1% 0.1% 0.1% Logger
0x08502b76 0x6edc0ff0 0.1% 0.1% 0.1% fover_health_monitoring_thread
firewall(config)#


Any thoughts ?
Thank you,


13 Replies 13

Bogdan Nita
VIP Alumni
VIP Alumni

I do not think the it's the same problem.

I usually see 'PAT address without pre-existing xlate' for missconfigured nat rules.

The dispatch unit is the central packet processing process and for high dispatch cpu you usually need to have a look at traffic.

Show traffic, show perfmon and sh asp drop can give you an idea where the problem is.

 

HTH

Bogdan

 

Neji Jihed
Level 1
Level 1