Current Position:Home > Internet Connection Became Slow after Introduction of Cisco ASA 5505 to the Network

Internet Connection Became Slow after Introduction of Cisco ASA 5505 to the Network

Update:10-11Source: network consolidation
Advertisement
I configured a Cisco ASA 5505 (Version Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
in transparent firewall mode and inserted after Cisco 1700 router. However, the internet connection became very slow and users are compaining that they cannot load any pages.
My setup looks like:
Internet --> Cisco 1700 --> Cisco ASA 5505 --> LAN
The license information is:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs                       : 3, DMZ Restricted
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
VPN Peers                   : 10
WebVPN Peers                : 2
Dual ISPs                   : Disabled
VLAN Trunk Ports            : 0
This platform has a Base license.
The flash activation key is the SAME as the running key.
My running-config looks like:
ASA Version 7.2(3)
firewall transparent
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface Vlan1
nameif inside
security-level 100
no shut
interface Vlan2
nameif outside
security-level 0
no shut
interface Ethernet0/0
switchport access vlan 2
no shut
interface Ethernet0/1
no shut
interface Ethernet0/2
no shut
interface Ethernet0/3
no shut
interface Ethernet0/4
no shut
interface Ethernet0/5
no shut
interface Ethernet0/6
no shut
interface Ethernet0/7
no shut
passwd 2KFQnbNIdI.2KYOU encrypted
regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh]) HTTP/1.[01]"
regex urllist3 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]"
regex urllist4 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"
regex domainlist1 "\.facebook\.com"
regex domainlist2 "\.diretube\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 "\.vimeo\.com"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list outside_in extended permit ip any any
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
pager lines 24
mtu outside 1500
mtu inside 1500
ip address 192.168.1.254 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map type regex match-any DomainBlockList
match regex domainlist1
match regex domainlist2
match regex domainlist3
match regex domainlist4
class-map type inspect http match-all BlockDomainsClass
match request header host regex class DomainBlockList
class-map type regex match-any URLBlockList
match regex urllist1
match regex urllist2
match regex urllist3
match regex urllist4
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all AppHeaderClass
match response header regex contenttype regex applicationheader
class-map httptraffic
match access-list inside_mpc
class-map type inspect http match-all BlockURLsClass
match request uri regex class URLBlockList
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map type inspect http http_inspection_policy
parameters
  protocol-violation action drop-connection
class AppHeaderClass
  drop-connection log
match request method connect
  drop-connection log
class BlockDomainsClass
  reset log
class BlockURLsClass
  reset log
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
policy-map inside-policy
class httptraffic
  inspect http http_inspection_policy
service-policy global_policy global
service-policy inside-policy interface inside
prompt hostname context
Cryptochecksum:8ab1a53df6ae3c202aee236d6080edfd
: end
Could the slow internet connection be due to license limitations? Or is there something wrong with my configuration?
Please see the configuration and help.
Thanks

The Best Answer

Advertisement
I have re-configured the ASA 5505 yesterday and so far it's working fine. I am not sure if the problem will re-appear later on. Anyways here is my sh tech-support
ciscoasa# sh tech-support
Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
Compiled on Wed 15-Aug-07 16:08 by builders
System image file is "disk0:/asa723-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 14 hours 16 mins
Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0    : address is 001f.9ee8.ffa2, irq 11
1: Ext: Ethernet0/0         : address is 001f.9ee8.ff9a, irq 255
2: Ext: Ethernet0/1         : address is 001f.9ee8.ff9b, irq 255
3: Ext: Ethernet0/2         : address is 001f.9ee8.ff9c, irq 255
4: Ext: Ethernet0/3         : address is 001f.9ee8.ff9d, irq 255
5: Ext: Ethernet0/4         : address is 001f.9ee8.ff9e, irq 255
6: Ext: Ethernet0/5         : address is 001f.9ee8.ff9f, irq 255
<--- More --->
7: Ext: Ethernet0/6         : address is 001f.9ee8.ffa0, irq 255
8: Ext: Ethernet0/7         : address is 001f.9ee8.ffa1, irq 255
9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8        
VLANs                       : 3, DMZ Restricted
Inside Hosts                : Unlimited
Failover                    : Disabled
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
VPN Peers                   : 10       
WebVPN Peers                : 2        
Dual ISPs                   : Disabled 
VLAN Trunk Ports            : 0        
This platform has a Base license.
Serial Number: JMX1211Z2N4
Running Activation Key: 0xaf0ed046 0xbcf18ebf 0x80b38508 0xba785cc0 0x05250493
Configuration register is 0x1
Configuration has not been modified since last system restart.
<--- More --->
------------------ show clock ------------------
18:32:58.254 UTC Tue Nov 26 2013
------------------ show memory ------------------
Free memory:       199837144 bytes (74%)
Used memory:        68598312 bytes (26%)
Total memory:      268435456 bytes (100%)
------------------ show conn count ------------------
1041 in use, 2469 most used
------------------ show xlate count ------------------
0 in use, 0 most used
------------------ show blocks ------------------
  SIZE    MAX    LOW    CNT
     0    100     68    100
<--- More --->
     4    300    299    299
    80    100     92    100
   256    100     94    100
  1550   6174   6166   6174
  2048   1124    551    612
------------------ show blocks queue history detail ------------------
History buffer memory usage: 2136 bytes (default)
------------------ show interface ------------------
Interface Internal-Data0/0 "", is up, line protocol is up
  Hardware is y88acs06, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 001f.9ee8.ffa2, MTU not set
IP address unassigned
18491855 packets input, 11769262614 bytes, 0 no buffer
Received 213772 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops, 0 demux drops
18185861 packets output, 11626494317 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
<--- More --->
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/55) software (0/0)
  Control Point Interface States:
Interface number is unassigned
Interface Internal-Data0/1 "", is administratively down, line protocol is up
  Hardware is 88E6095, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 0000.0003.0002, MTU not set
IP address unassigned
18184216 packets input, 11625360131 bytes, 0 no buffer
Received 206655 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 switch ingress policy drops
18490057 packets output, 11768078777 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
Interface Loopback0 "_internal_loopback", is up, line protocol is up
  Hardware is VirtualMAC address 0000.0000.0000, MTU 1500
IP address 127.1.0.1, subnet mask 255.255.0.0
<--- More --->
  Traffic Statistics for "_internal_loopback":
1 packets input, 28 bytes
1 packets output, 28 bytes
1 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Control Point Interface States:
Interface number is 28
Interface config status is active
Interface state is active
Interface Vlan1 "inside", is up, line protocol is up
  Hardware is EtherSVI
MAC address 001f.9ee8.ffa2, MTU 1500
IP address 192.168.1.254, subnet mask 255.255.255.0
  Traffic Statistics for "inside":
7742275 packets input, 903584114 bytes
10645034 packets output, 10347291114 bytes
184883 packets dropped
      1 minute input rate 320 pkts/sec,  35404 bytes/sec
      1 minute output rate 325 pkts/sec,  313317 bytes/sec
<--- More --->
      1 minute drop rate, 17 pkts/sec
      5 minute input rate 399 pkts/sec,  59676 bytes/sec
      5 minute output rate 483 pkts/sec,  503200 bytes/sec
      5 minute drop rate, 9 pkts/sec
  Control Point Interface States:
Interface number is 1
Interface config status is active
Interface state is active
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI
MAC address 001f.9ee8.ffa3, MTU 1500
IP address 192.168.1.254, subnet mask 255.255.255.0
  Traffic Statistics for "outside":
10750090 packets input, 10432619059 bytes
7541331 packets output, 870613684 bytes
109911 packets dropped
      1 minute input rate 328 pkts/sec,  313770 bytes/sec
      1 minute output rate 301 pkts/sec,  32459 bytes/sec
      1 minute drop rate, 2 pkts/sec
      5 minute input rate 485 pkts/sec,  503789 bytes/sec
      5 minute output rate 387 pkts/sec,  57681 bytes/sec
      5 minute drop rate, 2 pkts/sec
  Control Point Interface States:
Interface number is 2
<--- More --->
Interface config status is active
Interface state is active
Interface Ethernet0/0 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001f.9ee8.ff9a, MTU not set
IP address unassigned
10749794 packets input, 10630700889 bytes, 0 no buffer
Received 2506 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
3 switch ingress policy drops
7541070 packets output, 1028190148 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/1 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
<--- More --->
Available but not configured via nameif
MAC address 001f.9ee8.ff9b, MTU not set
IP address unassigned
7741977 packets input, 1064586806 bytes, 0 no buffer
Received 211282 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
10644663 packets output, 10543362751 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/2 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9c, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
<--- More --->
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/3 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9d, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
<--- More --->
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/4 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9e, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
<--- More --->
Interface number is unassigned
Interface Ethernet0/5 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9f, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/6 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
<--- More --->
MAC address 001f.9ee8.ffa0, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/7 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ffa1, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
<--- More --->
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
  Control Point Interface States:
Interface number is unassigned
------------------ show cpu usage ------------------
CPU utilization for 5 seconds = 12%; 1 minute: 11%; 5 minutes: 11%
------------------ show cpu hogging process ------------------
Process:      Dispatch Unit, NUMHOG: 1, MAXHOG: 133, LASTHOG: 140
LASTHOG At:   04:45:59 UTC Nov 26 2013
PC:           8be0f7
Traceback:    8bed19  8bf553  302b87  3030a5  2fad69  7674bf  75ca16
              c6251d  c62a4c  c62f6c  75c653  767820  797f64  769c85
<--- More --->
------------------ show process ------------------
    PC       SP       STATE       Runtime    SBASE     Stack Process
Mwe 00c9bb24 01bb8700 013e3250          0 01733fc8 15616/16384 emweb/cifs
Lwe 001072ac 0176f9c4 013e32d0          0 0176d9f0 8132/8192 block_diag
Mrd 00223a67 01783d5c 013e33b0     314854 0177be18 25752/32768 Dispatch Unit
Msi 00f82847 01b07b84 013e3250        229 01b05bc0 7984/8192 y88acs06 OneSec Thread
Mwe 0011b1a5 01b09cfc 013e3250          0 01b07d88 7864/8192 Reload Control Thread
Mwe 00120606 01b1260c 013e5258          0 01b10988 7256/8192 aaa
Mwe 001486aa 01b19404 013e5ae8          0 01b15450 16020/16384 CMGR Server Process
Mwe 0014c3c5 01b1b4d4 013e3250          0 01b19570 7968/8192 CMGR Timer Process
Lwe 002227a1 01b239b4 013ee360          0 01b219f0 7524/8192 dbgtrace
Mwe 004e1ba5 01b29c34 013e3250        157 01b27d50 6436/8192 eswilp_svi_init
Mwe 01064b1d 01b4a7f4 013e3250          0 01b48890 7848/8192 Chunk Manager
Msi 008b61b6 01b52d54 013e3250        230 01b50da0 7856/8192 PIX Garbage Collector
Lsi 00ecb6ac 01b54e94 013e3250         12 01b52ec0 7552/8192 route_process
Mwe 008a5ddc 01b5dc04 0133b430          0 01b5bc40 8116/8192 IP Address Assign
Mwe 00acb779 01b60604 01346e10          0 01b5e640 8116/8192 QoS Support Module
Mwe 0091eba9 01b6275c 0133c530          0 01b60798 8116/8192 Client Update Task
Lwe 01083c8e 01b656d4 013e3250     123088 01b63770 7840/8192 Checkheaps
Mwe 00acfd7d 01b6b824 013e3250        623 01b69ad0 3476/8192 Quack process
Mwe 00b2a260 01b6dad4 013e3250         22 01b6bbf0 7364/8192 Session Manager
Mwe 00c55efd 01b78564 031d0478          4 01b74a50 14768/16384 uauth
<--- More --->
Mwe 00be3c9e 01b7aaec 0135c010          0 01b78b28 7524/8192 Uauth_Proxy
Mwe 00c52759 01b80e0c 01361770          0 01b7ee88 7712/8192 SMTP
Mwe 00c3f7b9 01b82eec 01361710          0 01b80fa8 7412/8192 Logger
Mwe 00c3fd26 01b8502c 013e3250          0 01b830c8 7492/8192 Thread Logger
Mwe 00f62272 01b9596c 013ac520          0 01b939c8 7188/8192 vpnlb_thread
Msi 00b4097c 01c598c4 013e3250        190 01c578f0 8000/8192 emweb/cifs_timer
Msi 005bd338 017a909c 013e3250      25855 017a7108 7412/8192 arp_timer
Mwe 005c76bc 01b486e4 013fba50      20643 01b46770 7348/8192 arp_forward_thread
Mwe 00c5a919 023fa5fc 013619e0          0 023f8648 7968/8192 tcp_fast
Mwe 00c5a6e5 023fc624 013619e0          0 023fa670 7968/8192 tcp_slow
Mwe 00c754d1 0240d42c 013628a0          0 0240b478 8100/8192 udp_timer
Mwe 0019cb17 01b404a4 013e3250          0 01b3e530 7984/8192 CTCP Timer process
Mwe 00efe8b3 0308c15c 013e3250          0 0308a208 7952/8192 L2TP data daemon
Mwe 00efef23 0308e194 013e3250          0 0308c230 7968/8192 L2TP mgmt daemon
Mwe 00eea02b 030c62ac 013a5c10         43 030c2338 16244/16384 ppp_timer_thread
Msi 00f62d57 030c82f4 013e3250        264 030c6360 7924/8192 vpnlb_timer_thread
Mwe 001b96e6 01b7cbbc 01b1e9c8          1 01b7ac48 7728/8192 IPsec message handler
Msi 001c9bac 01b8d4dc 013e3250       2917 01b8b548 7648/8192 CTM message handler
Mwe 00af93b8 031465b4 013e3250          0 03144640 7984/8192 ICMP event handler
Mwe 00831003 0314a724 013e3250        387 031467b0 16100/16384 IP Background
Mwe 0021b267 031a83c4 013123c0         31 03188450 123488/131072 tmatch compile thread
Mwe 009f2405 03290044 013e3250          0 0328c0c0 16072/16384 Crypto PKI RECV
Mwe 009f305a 03294144 013e3250          0 032901e0 16040/16384 Crypto CA
Mwe 0064d4fd 01b3e24c 013e3250          8 01b3c2f8 7508/8192 ESW_MRVL switch interrupt service
<--- More --->
Msi 00646f5c 032c134c 013e3250    3059378 032bf448 7184/8192 esw_stats
Lsi 008cbb80 032dc704 013e3250          3 032da730 7908/8192 uauth_urlb clean
Lwe 008afee7 034a0914 013e3250        197 0349e9b0 6636/8192 pm_timer_thread
Mwe 0052f0bf 034a35ac 013e3250          0 034a1648 7968/8192 IKE Timekeeper
Mwe 00520f6b 034a8adc 0132e2b0          0 034a4e38 15448/16384 IKE Daemon
Mwe 00bf5c78 034ac7ac 01360680          0 034aa7f8 8100/8192 RADIUS Proxy Event Daemon
Mwe 00bc32de 034ae79c 034dcbe0          0 034ac918 7208/8192 RADIUS Proxy Listener
Mwe 00bf5e0f 034b099c 013e3250          0 034aea38 7968/8192 RADIUS Proxy Time Keeper
Mwe 005aac4c 034b3154 013fb980          0 034b1250 7492/8192 Integrity FW Task
M*  008550a5 0009fefc 013e33b0       3183 034e3b20 24896/32768 ci/console
Msi 008eb694 034ed9d4 013e3250       2370 034ebc40 6176/8192 update_cpu_usage
Msi 008e6415 034f7dac 013e3250       1096 034f5eb8 6124/8192 NIC status poll
Mwe 005b63e6 03517d1c 013fbd10       1963 03515d78 7636/8192 IP Thread
Mwe 005becbe 03519e4c 013fbcb0          3 03517e98 7384/8192 ARP Thread
Mwe 004c2b36 0351befc 013fbae0          0 03519fe8 7864/8192 icmp_thread
Mwe 00c7722e 0351e06c 013e3250          0 0351c108 7848/8192 udp_thread
Mwe 00c5d126 0352008c 013fbd00          0 0351e228 7688/8192 tcp_thread
Mwe 00bc32de 03a6982c 03a5ee18          0 03a679b8 7512/8192 EAPoUDP-sock
Mwe 00266c15 03a6b614 013e3250          0 03a699e0 7032/8192 EAPoUDP
Mwe 005a6728 01b27b94 013e3250          0 01b25c30 7968/8192 Integrity Fw Timer Thread
-     -        -         -      47686621    -         -     scheduler
-     -        -         -      51253819    -         -     total elapsed
------------------ show failover ------------------
<--- More --->
ERROR: Command requires failover license
------------------ show traffic ------------------
inside:
received (in 51429.740 secs):
7749585 packets905087345 bytes
67 pkts/sec17013 bytes/sec
transmitted (in 51429.740 secs):
10653162 packets10355908020 bytes
40 pkts/sec201026 bytes/sec
      1 minute input rate 412 pkts/sec,  51803 bytes/sec
      1 minute output rate 475 pkts/sec,  522952 bytes/sec
      1 minute drop rate, 24 pkts/sec
      5 minute input rate 399 pkts/sec,  59676 bytes/sec
      5 minute output rate 483 pkts/sec,  503200 bytes/sec
      5 minute drop rate, 9 pkts/sec
outside:
received (in 51430.240 secs):
10758403 packets10441440193 bytes
42 pkts/sec203021 bytes/sec
transmitted (in 51430.240 secs):
7548339 packets872053854 bytes
<--- More --->
63 pkts/sec16037 bytes/sec
      1 minute input rate 479 pkts/sec,  523680 bytes/sec
      1 minute output rate 387 pkts/sec,  46796 bytes/sec
      1 minute drop rate, 3 pkts/sec
      5 minute input rate 485 pkts/sec,  503789 bytes/sec
      5 minute output rate 387 pkts/sec,  57681 bytes/sec
      5 minute drop rate, 2 pkts/sec
_internal_loopback:
received (in 51430.740 secs):
1 packets28 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51430.740 secs):
1 packets28 bytes
0 pkts/sec0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Aggregated Traffic on Physical Interface
<--- More --->
Ethernet0/0:
received (in 51431.740 secs):
10758462 packets10640075825 bytes
42 pkts/sec206042 bytes/sec
transmitted (in 51431.740 secs):
7548383 packets1029818127 bytes
63 pkts/sec20023 bytes/sec
      1 minute input rate 485 pkts/sec,  537048 bytes/sec
      1 minute output rate 395 pkts/sec,  54546 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 485 pkts/sec,  511723 bytes/sec
      5 minute output rate 387 pkts/sec,  65495 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/1:
received (in 51433.570 secs):
7749780 packets1066328930 bytes
67 pkts/sec20064 bytes/sec
transmitted (in 51433.570 secs):
10653359 packets10552787020 bytes
40 pkts/sec205006 bytes/sec
      1 minute input rate 419 pkts/sec,  59621 bytes/sec
      1 minute output rate 480 pkts/sec,  533950 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 399 pkts/sec,  67618 bytes/sec
<--- More --->
      5 minute output rate 482 pkts/sec,  511073 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/2:
received (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/3:
received (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
<--- More --->
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/4:
received (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/5:
received (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
<--- More --->
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/6:
received (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Ethernet0/7:
received (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51435.010 secs):
<--- More --->
0 packets0 bytes
0 pkts/sec0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 51435.510 secs):
18513901 packets11784250044 bytes
25 pkts/sec229023 bytes/sec
transmitted (in 51435.510 secs):
18207269 packets11641332179 bytes
19 pkts/sec226078 bytes/sec
      1 minute input rate 891 pkts/sec,  595715 bytes/sec
      1 minute output rate 863 pkts/sec,  588935 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 885 pkts/sec,  584035 bytes/sec
      5 minute output rate 870 pkts/sec,  580393 bytes/sec
      5 minute drop rate, 0 pkts/sec
Internal-Data0/1:
received (in 51436.010 secs):
18207323 packets11641364184 bytes
<--- More --->
19 pkts/sec226076 bytes/sec
transmitted (in 51436.010 secs):
18513954 packets11784281987 bytes
25 pkts/sec229022 bytes/sec
      1 minute input rate 855 pkts/sec,  575808 bytes/sec
      1 minute output rate 884 pkts/sec,  582339 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 869 pkts/sec,  578350 bytes/sec
      5 minute output rate 883 pkts/sec,  581924 bytes/sec
      5 minute drop rate, 0 pkts/sec
------------------ show perfmon ------------------
PERFMON STATS:    Current      Average
Xlates               0/s          0/s
Connections         17/s          6/s
TCP Conns            8/s          2/s
UDP Conns            7/s          2/s
URL Access           0/s          0/s
URL Server Req       0/s          0/s
TCP Fixup            0/s          0/s
TCP Intercept        0/s          0/s
HTTP Fixup           0/s          0/s
<--- More --->
FTP Fixup            0/s          0/s
AAA Authen           0/s          0/s
AAA Author           0/s          0/s
AAA Account          0/s          0/s
------------------ show counters ------------------
Protocol     Counter                     Value   Context
IP           IN_PKTS                  168960   Summary
IP           OUT_PKTS                 169304   Summary
IP           TO_ARP                       61   Summary
------------------ show history ------------------
------------------ show firewall ------------------
Firewall mode: Transparent
------------------ show running-config ------------------
<--- More --->
: Saved
ASA Version 7.2(3)
firewall transparent
hostname ciscoasa
enable password
names
interface Vlan1
nameif inside
security-level 100
interface Vlan2
nameif outside
security-level 0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
<--- More --->
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd
regex domain1 ".facebook\.com"
regex domain2 ".fb\.com"
regex domain3 ".youtube\.com"
ftp mode passive
access-list ACL_IN extended permit ip any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.1.254 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
<--- More --->
arp timeout 14400
access-group ACL_IN in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map type regex match-any DomainBlockList
match regex domain1
match regex domain2
match regex domain3
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
<--- More --->
  message-length maximum 512
match domain-name regex class DomainBlockList
  drop-connection log
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:bb5115ea1d14ee42e7961ef0c9aaed86
: end
<--- More --->
------------------ show startup-config errors ------------------
INFO: No configuration errors
------------------ console logs ------------------
Message #1 : Message #2 : Message #3 : Message #4 : Message #5 : Message #6 : Message #7 : Message #8 : Message #9 : Message #10 : Message #11 : Message #12 : Message #13 : Message #14 :
Total SSMs found: 0
Message #15 :
Total NICs found: 10
Message #16 : 88E6095 rev 2 Gigabit Ethernet @ index 09Message #17 :  MAC: 0000.0003.0002
Message #18 : 88E6095 rev 2 Ethernet @ index 08Message #19 :  MAC: 001f.9ee8.ffa1
Message #20 : 88E6095 rev 2 Ethernet @ index 07Message #21 :  MAC: 001f.9ee8.ffa0
Message #22 : 88E6095 rev 2 Ethernet @ index 06Message #23 :  MAC: 001f.9ee8.ff9f
Message #24 : 88E6095 rev 2 Ethernet @ index 05Message #25 :  MAC: 001f.9ee8.ff9e
Message #26 : 88E6095 rev 2 Ethernet @ index 04Message #27 :  MAC: 001f.9ee8.ff9d
Message #28 : 88E6095 rev 2 Ethernet @ index 03Message #29 :  MAC: 001f.9ee8.ff9c
Message #30 : 88E6095 rev 2 Ethernet @ index 02Message #31 :  MAC: 001f.9ee8.ff9b
Message #32 : 88E6095 rev 2 Ethernet @ index 01Message #33 :  MAC: 001f.9ee8.ff9a
Message #34 : y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 001f.9ee8.ffa2
Message #35 :
Licensed features for this platform:
Message #36 : Maximum Physical Interfaces : 8        
<--- More --->
Message #37 : VLANs                       : 3, DMZ Restricted
Message #38 : Inside Hosts                : Unlimited
Message #39 : Failover                    : Disabled
Message #40 : VPN-DES                     : Enabled  
Message #41 : VPN-3DES-AES                : Enabled  
Message #42 : VPN Peers                   : 10       
Message #43 : WebVPN Peers                : 2        
Message #44 : Dual ISPs                   : Disabled 
Message #45 : VLAN Trunk Ports            : 0        
Message #46 :
This platform has a Base license.
Message #47 :
Message #48 : Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Message #49 :                              Boot microcode   : CNlite-MC-Boot-Cisco-1.2
Message #50 :                              SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
Message #51 :                              IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
Message #52 :   --------------------------------------------------------------------------
Message #53 :                                  .            .                            
Message #54 :                                  |            |                            
Message #55 :                                 |||          |||                           
Message #56 :                               .|| ||.      .|| ||.                         
Message #57 :                            .:||| | |||:..:||| | |||:.                      
Message #58 :                             C i s c o  S y s t e m s                       
Message #59 :   --------------------------------------------------------------------------
<--- More --->
Message #60 :
Cisco Adaptive Security Appliance Software Version 7.2(3)
Message #61 :
Message #62 :   ****************************** Warning *******************************
Message #63 :   This product contains cryptographic features and is
Message #64 :   subject to United States and local country laws
Message #65 :   governing, import, export, transfer, and use.
Message #66 :   Delivery of Cisco cryptographic products does not
Message #67 :   imply third-party authority to import, export,
Message #68 :   distribute, or use encryption. Importers, exporters,
Message #69 :   distributors and users are responsible for compliance
Message #70 :   with U.S. and local country laws. By using this
Message #71 :   product you agree to comply with applicable laws and
Message #72 :   regulations. If you are unable to comply with U.S.
Message #73 :   and local laws, return the enclosed items immediately.
Message #74 :
Message #75 :   A summary of U.S. laws governing Cisco cryptographic
Message #76 :   products may be found at:
Message #77 :   http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Message #78 :
Message #79 :   If you require further assistance please contact us by
Message #80 :   sending email to [email protected]
Message #81 :   ******************************* Warning *******************************
Message #82 :
<--- More --->
Message #83 : Copyright (c) 1996-2007 by Cisco Systems, Inc.
Message #84 :                 Restricted Rights Legend
Message #85 : Use, duplication, or disclosure by the Government is
Message #86 : subject to restrictions as set forth in subparagraph
Message #87 : (c) of the Commercial Computer Software - Restricted
Message #88 : Rights clause at FAR sec. 52.227-19 and subparagraph
Message #89 : (c) (1) (ii) of the Rights in Technical Data and Computer
Message #90 : Software clause at DFARS sec. 252.227-7013.
Message #91 :                 Cisco Systems, Inc.
Message #92 :                 170 West Tasman Drive
Message #93 :                 San Jose, California 95134-1706
ciscoasa#   
  • Internet Connection Became Slow after Introduction of Cisco ASA 5505 to the Network Update:10-11

    I configured a Cisco ASA 5505 (Version Cisco Adaptive Security Appliance Software Version 7.2(3) Device Manager Version 5.2(3) in transparent firewall mode and inserted after Cisco 1700 router. However, the internet connection became very slow and us

  • Cisco ASA 5505 - 2 internal Networks Update:10-11

    Hi new to ASA's, Been trying to get the following setup working for ages but can't see what I am missing: (Got image from another post but exactly what I want but cannot get working) I can get ping between subnets but nothing else and Lan 2 cannot ge

  • Cisco ASA 5505 VPN Routing/Networking Question Update:10-11

    I have a very basic question about Cisco ASA 5505 IPsec Site to Site VPNs.  I want to install a Cisco ASA 5505 at a Data Center, in a LAN subnet that utilizes publicly routable IP addresses.  I would like to install a second Cisco ASA 5505 in a remot

  • "Network disabled because Internet connection is slow" Update:10-11

    I have both a Samsung Galaxy S3 and a new Samsung Tab 3.   After a recent software upgrade, I was having connectivity issues to wireless routers.   The message I got when connecting to a secure wireless network was "Network disabled because Internet

  • Cisco ASA 5505 - Keeps dropping internet connection Update:10-11

    Hi, We are having some issues with our Cisco ASA 5505 unit, it intermittently drops the outside interface connection. Internally the network appears to be working correctly with no issues. Even though the outside interface indicates it is 'up' access

  • Cisco ASA 5505 doesn't forware incoming connection to LAN Update:10-11

    Hello everybody. I just got a Cisco asa 5505 with the next OS and ASDM info ASA 5505 OS 8.4(3) ASDM 6.47 I configured and enter all rules to allow incoming traffic to LAN but it's not working also, I have one host inside that is configured in a secon

  • Cisco ASA 5505 - 2 PPPoE connection Update:10-11

    Hi, Please I would be very pleased if someone could give me a hand in this matter. I have a Cisco ASA 5505 9.0(2), 2 dial-up connection (ADSL) with fix IP from the same ISP. I have 2 Linksys router (each dial-up has a router) as well. Both Linksys ar

  • How to sync clock of Cisco ASA 5505 from NTP Server on internet Update:10-11

    Hi there! i've setup a site, with cisco ASA 5505. It has public ip also. i want to sync the clock of firewall from on ntp server on internet, or with internal domain controller that is inside LAN. The firewall has public IP also. how can i do this? R

  • Setting up site to site vpn with cisco asa 5505 Update:10-11

    I have a cisco asa 5505 that needs to be set up for site to site vpn to a cisco asa 5500. The 5505 is the remote office and the 5500 is the main office. IP of remote office router is 71.37.178.142 IP of the main office firewall is 209.117.141.82 Can

  • Cisco ASA 5505 Site to Site VPN Update:10-11

    Hello All, First time posting to the forums. I've been working with Cisco ASA 5505 for a number of months and recently I purchased a 2nd ASA with the goal of setting up Site to Site VPN tunnel. It look so simple from the number of videos that I have