Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco ASA 5508-x slow

Status
Not open for further replies.
setenvjt

setenvjt

Technical User
Dec 29, 2008
32
0
0
US
Ive got a strange problem with one of my Cisco asa units. Its a 5508-x (IOS 9.4) on a 100Mbit ethernet connection. It has 3 site to site VPN tunnels to other buildings carrying VOIP traffic. Everything seems to work fine but when our users hit one of our POS servers which is colocated the traffic to that server starts to fail. They can hit other servers fine and users at other branches can hit the "affected" server fine as well. This leads me back to the ASA though I'm not sure where to go from here.

sh conn count gives me around 1000 active and 1600 max
sh xlate count gives me about 700 active and 1200 max

I'm not running scanning threat protection right now. CPU usage is low. Most of the time 2-12%. Uses about 900MB of RAM out of 3GB. I have 130 devices on the network behind the ASA with 90 of those devices being computers that need to access this POS server. If i had to guess I would say the ASA cannot handle that many connection to one host. I am not seeing this problem on my other branches that are using a larger ASA 5525 with much bigger network loads. Any insight would be greatly appreciated.

Thanks,
Jeremy
 
Sort by date Sort by votes
while I'm not seeing any interface errors or underruns/overruns I did find these entries. This should mean that the datapath processes are being held up. If this is true it should also show high CPU usage and queue problems, which I'm not seeing. I'm going out on a limb now but there is either a bug or a hardware problem. Has anyone else seen this?


Process: tmatch compile thread, NUMHOG: 73, MAXHOG: 11, LASTHOG: 1
LASTHOG At: 04:57:51 UTC Feb 5 2016
PC: 0x00000000006d9ea9 (suspend)
Call stack: 0x00000000006d9ea9 0x000000000044f83b


Process: ssh_init, PROC_PC_TOTAL: 1069, MAXHOG: 6, LASTHOG: 6
LASTHOG At: 08:53:10 UTC Feb 5 2016
PC: 0x00000000005b10d9 (suspend)

Process: ssh_init, NUMHOG: 1066, MAXHOG: 6, LASTHOG: 6
LASTHOG At: 08:53:10 UTC Feb 5 2016
PC: 0x00000000005b10d9 (suspend)
Call stack: 0x00000000005b10d9 0x00000000022242a9


Process: DATAPATH-0-1911, PROC_PC_TOTAL: 717, MAXHOG: 10, LASTHOG: 1
LASTHOG At: 08:53:50 UTC Feb 5 2016
PC: 0x0000000000000000 (suspend)

Process: DATAPATH-0-1911, NUMHOG: 563, MAXHOG: 10, LASTHOG: 1
LASTHOG At: 08:53:50 UTC Feb 5 2016
PC: 0x0000000000000000 (suspend)
Call stack: 0x0000000000438d4a 0x0000000000721a8d 0x000000000170b080
0x000000000171476c 0x00000036e0208201


Process: DATAPATH-1-1912, PROC_PC_TOTAL: 646, MAXHOG: 7, LASTHOG: 5
LASTHOG At: 08:53:10 UTC Feb 5 2016
PC: 0x0000000000000000 (suspend)

Process: DATAPATH-1-1912, NUMHOG: 472, MAXHOG: 7, LASTHOG: 5
LASTHOG At: 08:53:10 UTC Feb 5 2016
PC: 0x0000000000000000 (suspend)
Call stack: 0x0000000000438d4a 0x0000000000721a8d 0x000000000170b080
0x000000000171476c 0x00000036e0208201
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
118
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
101
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
117
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
103
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
136
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top