Re: Compress data cisco asa 5550

Rafael Mendes · ‎04-07-2011

Hello everyone,

I have two box cisco asa 5550 in multiple context mode and failover.

My network topology is:

Outside Network

•

DMZ2 Network • • • • (CISCO ASA 5550) • • • • DMZ1 Network

•

Inside Netowork

My interface "Inside Network" is full(I think).

I can't diagnose this, based on command "sh interface gigabitEthernet"

109042974565 packets input, 100691006385765 bytes
94097614769 packets output, 59002295942465 bytes
999339444 packets dropped

My interface is 1GB, based on the above command, it is full?

If yes, can explain the conversion mode for me?

If interface is full, i have a problem! All the ports on asa firewall are using, how do resolve this? I can compress all data on this interface with class maps and policy maps?

Obs: See the attachment.

Thanks a lot.

Rafael mendes

Shrikant Sundaresh · ‎04-07-2011

Hi Rafael,

The data you have provided is not enough to tell if the bandwidth is being reached.

Please provide the outputs of

"show interface inside" (if inside is the name of your internal-network facing interface)

"show traffic"

These will help in determining the traffic usage on the inside interface.

-Shrikant

Rafael Mendes · ‎04-07-2011

Hello Shrikant,

Commands output:

show interface rede_interna
Interface GigabitEthernet0/2 "rede_interna", is up, line protocol is up
   Traffic Statistics for "rede_interna":
        109058948544 packets input, 100707512629638 bytes
        94109364528 packets output, 59004098962874 bytes
        999488854 packets dropped

show traffic

rede_interna:
        received (in 2953796.184 secs):
                109059058163 packets    100707630588445 bytes
                36001 pkts/sec 34094000 bytes/sec
        transmitted (in 2953796.184 secs):
                94109443543 packets     59004107672664 bytes
                31001 pkts/sec 19975000 bytes/sec
      1 minute input rate 0 pkts/sec, 0 bytes/sec
      1 minute output rate 0 pkts/sec, 0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 0 bytes/sec
      5 minute output rate 0 pkts/sec, 0 bytes/sec
      5 minute drop rate, 0 pkts/sec

Thanks!

Shrikant Sundaresh · ‎04-07-2011

Hi Rafael,

Is the Gigabit Ethernet 0/2 interface divided into multiple sub interfaces? Since the average 1 minute and 5 minute rates show 0.

Alternately, during peak traffic time, you could clear the current traffic stats, and take the output of "show traffic" every minute for five minutes. (5-6 outputs in all)

"clear traffic" resets all traffic counters to 0. (do it only at the beginning. Not every minute)

The value of bytes/second transmitted and received would give you an idea of the bandwidth in use during peak hours.

-Shrikant

Rafael Mendes · ‎04-08-2011

Hello Shrikant,

after executing the procedure, the output of the command was:

      received (in 627.910 secs):
                2076233 packets 1607729767 bytes
                3306 pkts/sec   2560446 bytes/sec
        transmitted (in 627.910 secs):
                1921000 packets 530750037 bytes
                3059 pkts/sec   845264 bytes/sec
      1 minute input rate 0 pkts/sec, 0 bytes/sec
      1 minute output rate 0 pkts/sec, 0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 0 bytes/sec
      5 minute output rate 0 pkts/sec, 0 bytes/sec
      5 minute drop rate, 0 pkts/sec

Is there any software to show this graph? Like a Cact.