Hello guys, first time posting on this forum.
I'm running ASA 8.0(3) on an Active/Standby failover pair.
Last night I realized the CPU usage of my production ASA was 99%. On the ASDM Firewall Dashboard I can see counters like this:
Dropped Packet Rate (ACL Dropped) = 6000+ (more than 6 thousand)
Scanning Attacks = 18600+ (more than Eighteen thousand)
I have about 130 connections and 250 NAT xlates.
Pretty small environment.
I went on the ASDM and checked the RealTime Log viewer and I have about 30 entries per second of these:
4 | Oct 19 2011 | 11:35:12 | 401004 | | | | | Shunned packet: 10.64.10.1 ==> 10.64.0.1 on interface NewLAN |
There is nothing in the columns "Source IP", "Source Port", "Destination IP" or "Destination Port".
Only these columns are populated:
Severity
Date
Time
SyslogID
Description
The IP 10.64.0.1 is my ASA
The IP 10.64.10.1 is a PC with a Monitoring Tool (Solarwinds Orion with IPAM)
Yesterday night I disabled the interface on the PC and waited for 15 minutes, and I still saw the counters; nothing changed.
I enabled the interface on the PC again and installed Wireshark. I don't see that PC trying to connect to 10.64.0.1.
I wonder what else I could check and how to track down what is killing the CPU on my firewall.
I hope somebody can give me some ideas.
Thanks!!