[cisco-ttl] Re: PIX'de cpu %95'lere cikiyor

From: serust (sustundag_at_tepum.com.tr)
Date: Wed Sep 15 2004 - 09:57:13 GMT

  • Next message: serust: "[cisco-ttl] Re: PIX'de cpu %95'lere cikiyor"

    Ben PIX'i bankalar universiteler gibi cok yogun internet trafiği olan =

    bir cok yere kurdum dedigin yuzdelere geldigini hic gormedim
    Verdigin xlate degerlerinde ip basina 20 connection dusunuyor ki bu
    cok anormal bir durum.IDS'iniz var mi PIX'in ic veya dis bacagini
    dinleme sansin var mi Ayrica Sniffer ile de capture yapabilirsin
    Virus falan gibi bir sey olabilir mi?
    Aklima gelen bir sey de pix de debug acik mi Daha once bir sey icin
    acip unutmus olabilirmisin? PIX'in CPU'usunu bu kadar tavana
    vurdurabilecek anca o olabilir...
    Bir de 2 yilonce uretilmis PIX'ler de olan bir Hang sorunu vardi
    Acaba senin PIX o seri araliginda olabilir mi?
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_field_n
    otice09186a00800949c7.shtml

    adresinden ayrintili bilgi alabilirsin Cisco PIX'i ucretsiz
    degistiriyor.

    Herkese kolay gelsin arkadaslar

    Serkan Ustundag

    Network and Security Engineer
    CCNP,CCDP,CCSE
    CCSP (Cisco Certified Security Professional)
    Cisco Network Management Specialist

    sustundag_at_secura.com.tr

    Secura bir TEPUM grup sirketidir

    Cisco Systems IP Communications Partner of the Year, 2004, Turkey
    Cisco Systems Security Partner of the Year, 2004, Turkey
    Cisco Systems AVVID Partner of the Year, 2003, EMEA (Europe, Middle
    East and Africa)
    Cisco Systems Solution Partner of the Year, 2002, Turkey

    Gazeteciler Mahallesi, Haberler Sokak
    No:8 34394 Esentepe Istanbul
    Direkt : +90 212 3550640
    Santral: +90 212 3550600
    Faks : +90 212 2757115

    www.secura.com.tr

    www.tepum.com.tr

    --- In cisco-ttl_at_yahoogroups.com, "A.Murat BAYRAM" <mbayram_at_y...>
    wrote:
    > Merhabalar,
    >
    > PDM ile izliyorum, Pix firewallumuzun islemcisi, özellikle trafigin
    yogun oldugu
    > vakitlerde normalde %20-30 civarinda seyrederken birden %95-100'e
    cikiyor ve
    > ulasilamaz hale geliyor. Bazen belli bir sure sonra (10-15 dk gibi)
    kendiliginden
    > duzeliyor, bazen de kapatip acmak gerekiyor, hatta bazen kapatip
    acmak da sonuc
    > vermiyor cunku cok kisa bir surede yine islemci tavan yapiyor...
    Tabi bu
    > kesintiler, kullanicilarin internete cikamamasina neden oluyor.
    >
    > sh xlate yaptigimda; 28424 in use, 32702 most used oldugunu gordum.
    Bu rakamlar
    > bana anormal geldi.
    > 11 tane global outside ip adres tanimli, yine 11 tane dahili
    networkdeki vlanlara
    > nat yapiliyor. Yaklaşık 1500 civarında bilgisayar bu natlarda
    internete çıkıyor.
    >
    > Islemcinin bu sekilde anormal yukselmesi neye baglanabilir? Asagida
    sh ver
    > ciktisini ve sh run ozet ciktisini gonderiyorum...
    > Saygilarimla
    >
    > Murat BAYRAM
    > Yuzuncu Yil Universitesi
    > ------------------------------------------------------
    >
    > PixFirewall# sh ver
    >
    > Cisco PIX Firewall Version 6.3(3)
    > Cisco PIX Device Manager Version 3.0(1)
    >
    > Compiled on Wed 13-Aug-03 13:55 by morlee
    >
    > PixFirewall up 43 mins 40 secs
    >
    > Hardware: PIX-515, 128 MB RAM, CPU Pentium 200 MHz
    > Flash i28F640J5 @ 0x300, 16MB
    > BIOS Flash AT29C257 @ 0xfffd8000, 32KB
    >
    > 0: ethernet0: address is 0003.e300.6df7, irq 10
    > 1: ethernet1: address is 0003.e300.6df8, irq 7
    > Licensed Features:
    > Failover: Enabled
    > VPN-DES: Enabled
    > VPN-3DES-AES: Enabled
    > Maximum Physical Interfaces: 6
    > Maximum Interfaces: 10
    > Cut-through Proxy: Enabled
    > Guards: Enabled
    > URL-filtering: Enabled
    > Inside Hosts: Unlimited
    > Throughput: Unlimited
    > IKE peers: Unlimited
    >
    > This PIX has an Unrestricted (UR) license.
    >
    > Serial Number: xxxxxxxxxxx (xxxxxxxxxx)
    > Running Activation Key: xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx xxxxxxxxxx
    xxxxxxxxxx
    > Configuration last modified by enable_15 at 13:51:20.359 EEDT Wed
    Sep 15 2004
    >
    >
    > ----------------------------------
    >
    > PixFirewall# sh run
    > : Saved
    > :
    > PIX Version 6.3(3)
    > interface ethernet0 auto
    > interface ethernet1 auto
    > nameif ethernet0 outside security0
    > nameif ethernet1 inside security100
    > enable password xxxxxxxxxxxxx encrypted
    > passwd xxxxxxxxxxx encrypted
    > hostname PixFirewall
    > domain-name yyu.edu.tr
    > clock timezone EEST 2
    > clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    > fixup protocol dns maximum-length 512
    > fixup protocol domain 53
    > fixup protocol ftp 21
    > fixup protocol h323 h225 1720
    > fixup protocol h323 ras 1718-1719
    > fixup protocol http 80
    > fixup protocol ils 389
    > fixup protocol rsh 514
    > fixup protocol rtsp 554
    > fixup protocol sip 5060
    > fixup protocol sip udp 5060
    > fixup protocol skinny 2000
    > fixup protocol smtp 25
    > fixup protocol sqlnet 1521
    > fixup protocol tftp 69
    > names
    > pager lines 24
    > logging timestamp
    > logging trap critical
    > logging facility 16
    > logging host inside 10.100.0.65
    > mtu outside 1500
    > mtu inside 1500
    > ip address outside 193.255.143.253 255.255.255.0
    > ip address inside 10.100.0.5 255.255.0.0
    > ip audit info action alarm drop
    > ip audit attack action alarm drop
    > no failover
    > failover timeout 0:00:00
    > failover poll 15
    > no failover ip address outside
    > no failover ip address inside
    > pdm location 10.1.10.0 255.255.255.0 inside
    > pdm location 10.1.30.0 255.255.255.0 inside
    > pdm location 10.1.40.0 255.255.255.0 inside
    > pdm location 10.1.50.0 255.255.255.0 inside
    > pdm location 10.1.70.0 255.255.255.0 inside
    > pdm location 10.1.80.0 255.255.255.0 inside
    > pdm location 10.1.90.0 255.255.255.0 inside
    > .
    > .
    > .
    > .
    > .
    > .
    > .
    >
    > global (outside) 1 193.255.143.230
    > global (outside) 6 193.255.143.53
    > global (outside) 2 193.255.143.58
    > global (outside) 3 193.255.143.50
    > global (outside) 4 193.255.143.51
    > global (outside) 5 193.255.143.52
    > global (outside) 8 193.255.143.54
    > global (outside) 9 193.255.143.55
    > global (outside) 10 193.255.143.56
    > global (outside) 11 193.255.143.57
    > global (outside) 7 193.255.143.59
    > nat (inside) 2 10.90.0.0 255.255.0.0 dns 0 0
    > nat (inside) 1 10.100.0.0 255.255.0.0 dns 0 0
    > nat (inside) 3 10.110.0.0 255.255.0.0 dns 0 0
    > nat (inside) 4 10.120.0.0 255.255.0.0 dns 0 0
    > nat (inside) 5 10.130.0.0 255.255.0.0 dns 0 0
    > nat (inside) 6 10.140.0.0 255.255.0.0 dns 0 0
    > nat (inside) 7 10.145.0.0 255.255.0.0 dns 0 0
    > nat (inside) 8 10.150.0.0 255.255.0.0 dns 0 0
    > nat (inside) 9 10.160.0.0 255.255.0.0 dns 0 0
    > nat (inside) 10 10.170.0.0 255.255.0.0 dns 0 0
    > nat (inside) 11 10.180.0.0 255.255.0.0 dns 0 0
    > .
    > .
    > .
    > .
    >
    > rip outside default version 1
    > rip inside default version 1
    > .
    > .
    > .
    > .
    > timeout xlate 3:00:00
    > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00
    h225 1:00:00
    > timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    > timeout uauth 0:05:00 absolute
    > aaa-server TACACS+ protocol tacacs+
    > aaa-server RADIUS protocol radius
    > aaa-server LOCAL protocol local
    > http server enable
    > .
    > .
    > .
    > floodguard enable
    > sysopt connection permit-ipsec
    > sysopt noproxyarp inside
    > .
    > .
    > telnet timeout 5
    > console timeout 0
    > terminal width 80
    > Cryptochecksum:4bede6c240346fa9f1b4f85f5452ac07
    > : end

    ------------------------ Yahoo! Groups Sponsor --------------------~-->
    Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
    Now with Pop-Up Blocker. Get it for free!
    http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/26EolB/TM
    --------------------------------------------------------------------~->

    Bu listenin Cisco Systems ile herhangi bir baglantisi bulunmamaktadir.

    Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir e-posta gönderebilirsiniz.
    Yahoo! Groups Links

    <*> To visit your group on the web, go to:
        http://groups.yahoo.com/group/cisco-ttl/

    <*> To unsubscribe from this group, send an email to:
        cisco-ttl-unsubscribe_at_yahoogroups.com

    <*> Your use of Yahoo! Groups is subject to:
        http://docs.yahoo.com/info/terms/
     



    This archive was generated by hypermail 2.1.5 : Wed Sep 15 2004 - 13:58:24 GMT