Next message: Serhat Uslay: "Re: [cisco-ttl] CPU on the PIX climbs to around 95%"
Hello,
I am monitoring with PDM. The CPU of our PIX firewall normally runs at around
20-30%, but especially at times of heavy traffic it suddenly climbs to 95-100%
and the firewall becomes unreachable. Sometimes it recovers by itself after a
while (10-15 minutes or so), sometimes it has to be powered off and on, and
sometimes even powering it off and on does not help, because the CPU hits the
ceiling again within a very short time... Of course, these outages prevent the
users from reaching the Internet.
When I ran sh xlate, I saw 28424 in use, 32702 most used. These numbers seemed
abnormal to me.
There are 11 global outside IP addresses defined, and likewise NAT is done for
11 VLANs in the internal network. About 1500 computers go out to the Internet through these NATs.
What could this abnormal rise in CPU usage be attributed to? Below I am sending the
sh ver output and a summary of the sh run output...
Regards
Murat BAYRAM
Yuzuncu Yil Universitesi
------------------------------------------------------
PixFirewall# sh ver
Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 13-Aug-03 13:55 by morlee
PixFirewall up 43 mins 40 secs
Hardware: PIX-515, 128 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0003.e300.6df7, irq 10
1: ethernet1: address is 0003.e300.6df8, irq 7
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: xxxxxxxxxxx (xxxxxxxxxx)
Running Activation Key: xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx
Configuration last modified by enable_15 at 13:51:20.359 EEDT Wed Sep 15 2004
----------------------------------
PixFirewall# sh run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxx encrypted
hostname PixFirewall
domain-name yyu.edu.tr
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
fixup protocol dns maximum-length 512
fixup protocol domain 53
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
logging timestamp
logging trap critical
logging facility 16
logging host inside 10.100.0.65
mtu outside 1500
mtu inside 1500
ip address outside 193.255.143.253 255.255.255.0
ip address inside 10.100.0.5 255.255.0.0
ip audit info action alarm drop
ip audit attack action alarm drop
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm location 10.1.10.0 255.255.255.0 inside
pdm location 10.1.30.0 255.255.255.0 inside
pdm location 10.1.40.0 255.255.255.0 inside
pdm location 10.1.50.0 255.255.255.0 inside
pdm location 10.1.70.0 255.255.255.0 inside
pdm location 10.1.80.0 255.255.255.0 inside
pdm location 10.1.90.0 255.255.255.0 inside
.
.
.
.
.
.
.
global (outside) 1 193.255.143.230
global (outside) 6 193.255.143.53
global (outside) 2 193.255.143.58
global (outside) 3 193.255.143.50
global (outside) 4 193.255.143.51
global (outside) 5 193.255.143.52
global (outside) 8 193.255.143.54
global (outside) 9 193.255.143.55
global (outside) 10 193.255.143.56
global (outside) 11 193.255.143.57
global (outside) 7 193.255.143.59
nat (inside) 2 10.90.0.0 255.255.0.0 dns 0 0
nat (inside) 1 10.100.0.0 255.255.0.0 dns 0 0
nat (inside) 3 10.110.0.0 255.255.0.0 dns 0 0
nat (inside) 4 10.120.0.0 255.255.0.0 dns 0 0
nat (inside) 5 10.130.0.0 255.255.0.0 dns 0 0
nat (inside) 6 10.140.0.0 255.255.0.0 dns 0 0
nat (inside) 7 10.145.0.0 255.255.0.0 dns 0 0
nat (inside) 8 10.150.0.0 255.255.0.0 dns 0 0
nat (inside) 9 10.160.0.0 255.255.0.0 dns 0 0
nat (inside) 10 10.170.0.0 255.255.0.0 dns 0 0
nat (inside) 11 10.180.0.0 255.255.0.0 dns 0 0
.
.
.
.
rip outside default version 1
rip inside default version 1
.
.
.
.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
.
.
.
floodguard enable
sysopt connection permit-ipsec
sysopt noproxyarp inside
.
.
telnet timeout 5
console timeout 0
terminal width 80
Cryptochecksum:4bede6c240346fa9f1b4f85f5452ac07
: end
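One way to see how the translation slots reported by `sh xlate` are spread across inside hosts and across the global addresses is to tally a saved copy of the command's output. This is an added example, not part of the original post. It assumes the PIX 6.x line shape `PAT Global <ip>(<port>) Local <ip>(<port>)`; the function names, the thresholds and the sample lines (including host 10.100.3.44) are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape from PIX 6.x `show xlate`:
#   PAT Global 193.255.143.230(1024) Local 10.100.0.21(1025)
XLATE_RE = re.compile(
    r"^\s*(?:PAT\s+)?Global\s+(\d+\.\d+\.\d+\.\d+)\S*\s+Local\s+(\d+\.\d+\.\d+\.\d+)"
)

def count_xlates(lines):
    """Count translation slots per inside (local) host and per global address."""
    per_local, per_global = Counter(), Counter()
    for line in lines:
        m = XLATE_RE.match(line)
        if not m:
            continue  # summary line ("N in use, M most used"), prompts, blanks
        per_global[m.group(1)] += 1
        per_local[m.group(2)] += 1
    return per_local, per_global

def outliers(per_local, factor=10, floor=5):
    """Hosts holding more than max(floor, factor * median) translations."""
    if not per_local:
        return []
    counts = sorted(per_local.values())
    limit = max(floor, factor * counts[len(counts) // 2])
    return [(host, n) for host, n in per_local.most_common() if n > limit]

def build_sample():
    """Constructed sample: three quiet hosts and one host holding 40 slots."""
    lines = ["46 in use, 46 most used"]
    quiet = [("10.100.0.21", "193.255.143.230"),
             ("10.100.0.22", "193.255.143.230"),
             ("10.90.0.7", "193.255.143.58")]
    port = 1024
    for local, glob in quiet:
        for sport in (1025, 1026):
            lines.append(f"PAT Global {glob}({port}) Local {local}({sport})")
            port += 1
    for sport in range(2000, 2040):  # constructed noisy host
        lines.append(f"PAT Global 193.255.143.230({port}) Local 10.100.3.44({sport})")
        port += 1
    return lines

if __name__ == "__main__":
    per_local, per_global = count_xlates(build_sample())
    print("slots per global address:", dict(per_global))
    for host, n in outliers(per_local):
        print(f"{host} holds {n} translations")
```

Run against real output, the per-host tally shows whether the in-use count is spread evenly over the inside computers or concentrated on a few addresses worth inspecting.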
This archive was generated by hypermail 2.1.5
: Wed Sep 15 2004 - 13:08:24 GMT