Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
2
Replies

Is there any 1550 blocks depletion ? Cisco ASA Firewall

secureIT
Level 4
Level 4

‎10-04-2016 07:35 AM - edited ‎03-12-2019 01:21 AM

Hello All,

Seeing input error and overruns increasing in one outside interface of ASA firewall
Are we seeing 1550 blocks depletion here ?

My real life problem is getting too many input and overruns on the outside interface of the firewall, where as traffic load is very normal.

ASA # show blocks
  SIZE    MAX    LOW    CNT
     0    700    668    695
     4    300    298    299
    80    900    872    900
   256   4148   4033   4143
  1550   9801   9140   9541
  2048   1100   1094   1100
  2560   2052   2052   2052
  4096    100     97    100
  8192    100     99    100
 16384    154    154    154
 65536     16     16     16

Also observed below configuration in the FW.

logging monitor debugging
logging buffered debugging
logging asdm debugging

Could someone assist pls.

Labels:
0 Helpful
2 Replies 2

JP Miranda Z
Cisco Employee
Cisco Employee

‎10-04-2016 01:47 PM

Hi Sec IT,

The blocks are looking good, also the logging config, these are some of the reasons why you can have overruns:

-CPU hogs

-Packet Processed Periodically

-Packet Bursts

You can take a look to this link in order to mitigate overruns:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113185-asaperformance.html#anc4

Hope this info helps!!

Rate if helps you!! 

-JP-

0 Helpful

secureIT
Level 4
Level 4
In response to JP Miranda Z

‎10-04-2016 10:53 PM

flow control to be enabled ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card