[cisco-ttl] CPU on the PIX climbs to around 95%

From: A.Murat BAYRAM (mbayram_at_yyu.edu.tr)
Date: Wed Sep 15 2004 - 09:05:11 GMT


    Hello,

    I monitor it with PDM. The CPU of our PIX firewall normally runs at around
    20-30%, but, especially at times when traffic is heavy, it suddenly climbs to
    95-100% and the firewall becomes unreachable. Sometimes it recovers on its own
    after a while (around 10-15 minutes), sometimes it has to be switched off and
    back on, and sometimes even switching it off and on does not help, because the
    CPU hits the ceiling again within a very short time... Of course, these outages
    leave the users unable to reach the Internet.

    When I ran sh xlate, I saw 28424 in use, 32702 most used. These numbers
    seemed abnormal to me.
    There are 11 global outside IP addresses defined, and likewise NAT is done for
    11 VLANs on the internal network. About 1500 computers reach the Internet
    through these NATs.

    What could cause the CPU to rise abnormally like this? Below I am sending the
    sh ver output and an abridged sh run output...
    Regards,

    Murat BAYRAM
    Yuzuncu Yil Universitesi
    ------------------------------------------------------

    PixFirewall# sh ver

    Cisco PIX Firewall Version 6.3(3)
    Cisco PIX Device Manager Version 3.0(1)

    Compiled on Wed 13-Aug-03 13:55 by morlee

    PixFirewall up 43 mins 40 secs

    Hardware: PIX-515, 128 MB RAM, CPU Pentium 200 MHz
    Flash i28F640J5 @ 0x300, 16MB
    BIOS Flash AT29C257 @ 0xfffd8000, 32KB

    0: ethernet0: address is 0003.e300.6df7, irq 10
    1: ethernet1: address is 0003.e300.6df8, irq 7
    Licensed Features:
    Failover: Enabled
    VPN-DES: Enabled
    VPN-3DES-AES: Enabled
    Maximum Physical Interfaces: 6
    Maximum Interfaces: 10
    Cut-through Proxy: Enabled
    Guards: Enabled
    URL-filtering: Enabled
    Inside Hosts: Unlimited
    Throughput: Unlimited
    IKE peers: Unlimited

    This PIX has an Unrestricted (UR) license.

    Serial Number: xxxxxxxxxxx (xxxxxxxxxx)
    Running Activation Key: xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx
    Configuration last modified by enable_15 at 13:51:20.359 EEDT Wed Sep 15 2004

    ----------------------------------

    PixFirewall# sh run
    : Saved
    :
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password xxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxx encrypted
    hostname PixFirewall
    domain-name yyu.edu.tr
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    fixup protocol dns maximum-length 512
    fixup protocol domain 53
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    pager lines 24
    logging timestamp
    logging trap critical
    logging facility 16
    logging host inside 10.100.0.65
    mtu outside 1500
    mtu inside 1500
    ip address outside 193.255.143.253 255.255.255.0
    ip address inside 10.100.0.5 255.255.0.0
    ip audit info action alarm drop
    ip audit attack action alarm drop
    no failover
    failover timeout 0:00:00
    failover poll 15
    no failover ip address outside
    no failover ip address inside
    pdm location 10.1.10.0 255.255.255.0 inside
    pdm location 10.1.30.0 255.255.255.0 inside
    pdm location 10.1.40.0 255.255.255.0 inside
    pdm location 10.1.50.0 255.255.255.0 inside
    pdm location 10.1.70.0 255.255.255.0 inside
    pdm location 10.1.80.0 255.255.255.0 inside
    pdm location 10.1.90.0 255.255.255.0 inside
    .
    .
    .
    .
    .
    .
    .

    global (outside) 1 193.255.143.230
    global (outside) 6 193.255.143.53
    global (outside) 2 193.255.143.58
    global (outside) 3 193.255.143.50
    global (outside) 4 193.255.143.51
    global (outside) 5 193.255.143.52
    global (outside) 8 193.255.143.54
    global (outside) 9 193.255.143.55
    global (outside) 10 193.255.143.56
    global (outside) 11 193.255.143.57
    global (outside) 7 193.255.143.59
    nat (inside) 2 10.90.0.0 255.255.0.0 dns 0 0
    nat (inside) 1 10.100.0.0 255.255.0.0 dns 0 0
    nat (inside) 3 10.110.0.0 255.255.0.0 dns 0 0
    nat (inside) 4 10.120.0.0 255.255.0.0 dns 0 0
    nat (inside) 5 10.130.0.0 255.255.0.0 dns 0 0
    nat (inside) 6 10.140.0.0 255.255.0.0 dns 0 0
    nat (inside) 7 10.145.0.0 255.255.0.0 dns 0 0
    nat (inside) 8 10.150.0.0 255.255.0.0 dns 0 0
    nat (inside) 9 10.160.0.0 255.255.0.0 dns 0 0
    nat (inside) 10 10.170.0.0 255.255.0.0 dns 0 0
    nat (inside) 11 10.180.0.0 255.255.0.0 dns 0 0
    .
    .
    .
    .

    rip outside default version 1
    rip inside default version 1
    .
    .
    .
    .
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    .
    .
    .
    floodguard enable
    sysopt connection permit-ipsec
    sysopt noproxyarp inside
    .
    .
    telnet timeout 5
    console timeout 0
    terminal width 80
    Cryptochecksum:4bede6c240346fa9f1b4f85f5452ac07
    : end




    This archive was generated by hypermail 2.1.5 : Wed Sep 15 2004 - 13:08:24 GMT
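
A triage step for the xlate count reported in the message, as an added example that is not part of the original post: it tallies PAT translations per inside host and per nat id from saved `show xlate` output, using nat/global pairs copied from the posted configuration. The xlate lines are a constructed sample, and the `PAT Global a(p) Local b(p)` line format, the 100-per-host limit and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# nat/global pairs copied from the posted configuration (3 of the 11 pairs).
CONFIG = """\
global (outside) 1 193.255.143.230
global (outside) 2 193.255.143.58
global (outside) 3 193.255.143.50
nat (inside) 2 10.90.0.0 255.255.0.0 dns 0 0
nat (inside) 1 10.100.0.0 255.255.0.0 dns 0 0
nat (inside) 3 10.110.0.0 255.255.0.0 dns 0 0
"""
GLOBAL_RE = re.compile(r"^global \(outside\) (\d+) (\S+)", re.M)
NAT_RE = re.compile(r"^nat \(inside\) (\d+) (\S+) (\S+)", re.M)
# Assumed line format of saved `show xlate` output for PAT entries.
XLATE_RE = re.compile(r"^PAT Global (\S+)\(\d+\) Local (\S+)\(\d+\)", re.M)

def parse_pools(config):
    """Map nat id -> (inside network, PAT global address)."""
    globals_by_id = {int(i): ip for i, ip in GLOBAL_RE.findall(config)}
    return {int(i): (ipaddress.ip_network(f"{net}/{mask}"), globals_by_id.get(int(i)))
            for i, net, mask in NAT_RE.findall(config)}

def tally(xlate_text, pools, per_host_limit=100):
    """Count PAT xlates per inside host and per nat id; flag heavy hosts."""
    per_host, per_pool = Counter(), Counter()
    for _global_ip, local_ip in XLATE_RE.findall(xlate_text):
        per_host[local_ip] += 1
        addr = ipaddress.ip_address(local_ip)
        # None means the host matched no nat statement we parsed.
        nat_id = next((i for i, (net, _) in pools.items() if addr in net), None)
        per_pool[nat_id] += 1
    noisy = {h: n for h, n in per_host.items() if n > per_host_limit}
    return per_host, per_pool, noisy

def sample_xlate():
    """Constructed sample: one host holding 150 xlates, five holding one each."""
    lines = [f"PAT Global 193.255.143.58({1024 + i}) Local 10.90.4.20({2000 + i})"
             for i in range(150)]
    lines += [f"PAT Global 193.255.143.230({1024 + i}) Local 10.100.3.{7 + i}(1041)"
              for i in range(5)]
    return "\n".join(lines)

if __name__ == "__main__":
    hosts, pools_load, noisy = tally(sample_xlate(), parse_pools(CONFIG))
    print("xlates per nat id:", dict(pools_load))
    print("hosts over limit:", noisy)
```

For scale, the figures in the message (28424 in use, about 1500 computers) average about 19 translations per computer, so a host holding far more than that stands out in the tally.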