12-24-2012 02:12 PM - edited 03-11-2019 05:40 PM
I have this problem and Comcast is not a help in resolving.
We just changed over to Comcast Business and after changing the outside interface to new IP and setting static route.
I have access to internet and everythig appears to be good,
However asdm will never fully load, alway stuck at 17% or 77%, and I always see "parsing running config"
When I do a show run it will not fully load either, always stop at certain out put.
5 seconds after pulling the Comcast cable out both asdm and running config will load fine
Can any one help?
Solved! Go to Solution.
12-24-2012 06:02 PM
Hello Duong,
CPU at 100% there is our problem!!!
Your box is on fireeeee... Let me know when you have access to the box so we can work on this
Julio
12-24-2012 03:34 PM
Hello Duong,
Any logs from the ASA that you can share with us while the issue happens?
Check memory, CPU while using the COMCAST connection
Regards,
12-24-2012 03:40 PM
Merry Christmas Brother! Thanks for answering!
For some reason cpu is 100 percent and traffic bandwidth is 500kbps.
I am not on site so I cant see the log file right now.
BTW my site to site tunnel didn't work, I used your instructions:
So only do the following: Lets say new ip is 4.4.4.4
clear configure tunnel-group 2.2.2.2
tunnel-group 4.4.4.4 type ipsec-l2l
tunnel-group 4.4.4.4 ipsec-attributes
pre-shared key x.x.x.x
no crypto map outside_map 20 set peer 2.2.2.2
crypto map outside_map 20 set peer 4.4.4.4
--
12-24-2012 06:02 PM
Hello Duong,
CPU at 100% there is our problem!!!
Your box is on fireeeee... Let me know when you have access to the box so we can work on this
Julio
12-25-2012 01:11 AM
I am curious why its at 100 percent, nothing is plugged in beside Comcast Box.
Will you be available to help me Wednesday? If so what is the best time for you?
12-25-2012 10:26 AM
Hello Duong,
I guess, let me know on wednesday
12-25-2012 11:31 AM
I was able to see the log today.
It is filled with these exact lines.
7|Dec 25 2012|11:27:55|609001|172.16.121.11||||Built local-host outside:172.16.121.11
7|Dec 25 2012|11:27:55|609001|172.16.121.11||||Built local-host outside:172.16.121.11
7|Dec 25 2012|11:27:55|609001|172.16.121.11||||Built local-host outside:172.16.121.11
7|Dec 25 2012|11:27:55|609001|172.16.121.11||||Built local-host outside:172.16.121.11
7|Dec 25 2012|11:27:55|609001|172.16.121.11||||Built local-host outside:172.16.121.11
7|Dec 25 2012|11:27:55|609001|172.16.121.11||||Built local-host outside:172.16.121.11
How to stop this?
12-25-2012 12:16 PM
Hi Bro.
I found and deleted that connection.
CPU now down to 5%
Please help me with site to site, then I can rest for Christmas.
12-26-2012 01:43 PM
Hello,
Looks like that host is eating your network...
Why is he trying to build that much connections??
While you have it down to 5 % can you access it?
12-26-2012 02:02 PM
Yes I can connect now and have full access to FW
12-26-2012 03:00 PM
As expected
Who is 172.16.121.11 and what is he doing ??
sh local | in host|count/limit
That command will help you finding the amount of connections per host
This might be a computer with a virus or a bad application,etc,etc but the thing is that you could not access it because the ASA was overwhelmed by that PC.
So the problem is the PC,
That solves our paradigm,
Regards,
12-26-2012 03:53 PM
That IP belonged to the consultant the company hired before I was employed.
He is their firewall guy.
There was a VPN tunnel to that IP address.
I want to learn FW to take over that position and further my career.
12-26-2012 04:02 PM
Hello,
Good to know that
Well that is why we are here, In order to keep learning,
Regards,
Julio Carvajal.S
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide