PIX CPU Opinion

melry88
Level 1

Hello All,

I need some opinions if I can. A client has had their PIX 515E lock up time and time again. They had Cisco involved and then had a local service group replace the PIX. It ran fine for about two weeks and then locked up this morning. Well, this is where I come in. They had me come in and install a monitoring solution last night and I configured the PIX with MRTG and a Syslog server. I noticed the CPU from 6:17am to about 11:35am was smacked about 92%; also the Syslog stopped receiving messages during this time. So I logged in and noticed someone was buffering debug messages and I was thinking that maybe this will cause the problem they are seeing. They are an internet-based company that saw a steady increase in traffic but not a lot, and I thought maybe having the debugging buffered would cause the CPU to increase that much. What do you all think?

2 Replies

thisisshanky
Level 11

I hope you are talking about syslog messages and not the real "debug" message outputs. Debugs can kill the CPU depending upon how heavy the traffic and the output of the debug is. Usually buffering the syslog messages is a good idea (if you don't have a syslog server). At least it's less CPU intensive than console logging. Syslog server is the best method of logging.

Have you checked to see if the PIX NAT table is full during the time you specified? Is anybody using the network during this time?

Somebody could be doing a DoS attack on the network too, during this time. You could do an external penetration test to find out what ports are open (depends on the ACL) on the PIX and seal them to minimize external attacks.

Also, what version of code is running on the box?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Okay here is an update to this ongoing issue.

Set up MRTG to alert me when the CPU goes over 70%. Got an alert last night and these are the things I noticed.

1. CPU was at 87% and stuck there.

2. SSH no longer worked outside.

3. PPTP no longer worked to the outside.

4. Client went into office and used telnet to access.

5. Processes shows 557poll very high as with all other traffic type of processes. ip:0/0 and ip:1/1.

6. Shut down crypto map to rule out traffic from other sites. CPU still at 87%...

7. Was still able to pass traffic to inside webserver from Internet so PIX interface was not shutdown.

8. MRTG does not show any major traffic coming in, really shows a decrease in traffic from day time usage.

9. Issued reload and everything was fine.

Any help would be greatly appreciated.

Thanks!
