Solved

I have a routing issue on an ASA 5520

Posted on 2009-05-12
6
4,149 Views
Last Modified: 2012-06-21
We are trying to setup an ASA 5520 to route traffic from our wireless network (192.168.10.0) to our data network (192.168.37.0).  I get a reply when I ping the gateway for the data network (192.168.37.1) but don't get a response from any other machines on the 192.168.37.0 network.  What have I missed?
Result of the command: "show running-config"
 
: Saved
:
ASA Version 8.0(4) 
!
hostname ciscoasa
domain-name mvl.kmmfg.com
enable password sy9BBdr/2YBb9r9l encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
multicast-routing
names
name 192.168.37.231 CribMaster
!
interface GigabitEthernet0/0
 nameif Embarq
 security-level 0
 ip address 65.40.186.250 255.255.255.128 
!
interface GigabitEthernet0/1
 nameif internalMVL
 security-level 75
 ip address 192.168.37.44 255.255.252.0 
!
interface GigabitEthernet0/2
 nameif InternalWireless
 security-level 75
 ip address 192.168.10.1 255.255.255.0 
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 157.116.123.70 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name mvl.kmmfg.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu internalMVL 1500
mtu InternalWireless 1500
mtu Embarq 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
global (Embarq) 101 interface
nat (management) 101 0.0.0.0 0.0.0.0
static (InternalWireless,internalMVL) interface 192.168.10.10 netmask 255.255.255.255 
static (InternalWireless,Embarq) interface 192.168.10.10 netmask 255.255.255.255 
static (InternalWireless,internalMVL) 192.168.37.75 192.168.10.11 netmask 255.255.255.255 
static (internalMVL,InternalWireless) 192.168.10.15 CribMaster netmask 255.255.255.255 
route Embarq 0.0.0.0 0.0.0.0 65.40.186.241 1
route internalMVL 192.168.37.0 255.255.255.0 192.168.37.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 159.168.123.58 255.255.255.255 management
http 0.0.0.0 0.0.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto isakmp enable internalMVL
crypto isakmp enable InternalWireless
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 management
telnet 157.116.123.58 255.255.255.255 management
telnet 0.0.0.0 0.0.0.0 Embarq
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 management
ssh 157.116.123.58 255.255.255.255 management
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:9e52208c2eefa1a8e1dad3a7bba8e090
: end
 
Result of the command: "show tech-support"
 
Cisco Adaptive Security Appliance Software Version 8.0(4) 
Device Manager Version 6.1(5)
 
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"
 
ciscoasa up 40 days 0 hours
 
Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
Slot 1: ATA Compact Flash, 512MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
 
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00 
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
 0: Ext: GigabitEthernet0/0  : address is 001e.f762.c0a2, irq 9
 1: Ext: GigabitEthernet0/1  : address is 001e.f762.c0a3, irq 9
 2: Ext: GigabitEthernet0/2  : address is 001e.f762.c0a4, irq 9
 3: Ext: GigabitEthernet0/3  : address is 001e.f762.c0a5, irq 9
 4: Ext: Management0/0       : address is 001e.f762.c0a6, irq 11
 5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
 6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
 
Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited 
Maximum VLANs                : 150       
Inside Hosts                 : Unlimited 
Failover                     : Active/Active
VPN-DES                      : Enabled   
VPN-3DES-AES                 : Enabled   
Security Contexts            : 2         
GTP/GPRS                     : Disabled  
VPN Peers                    : 750       
WebVPN Peers                 : 2         
AnyConnect for Mobile        : Disabled  
AnyConnect for Linksys phone : Disabled  
Advanced Endpoint Assessment : Disabled  
UC Proxy Sessions            : 2         
 
This platform has an ASA 5520 VPN Plus license.
 
Serial Number: JMX1209L1VB
Running Activation Key: 0x42094e51 0x348bcd43 0x40527d80 0x99901ca8 0x830aad83 
Configuration register is 0x1
Configuration last modified by enable_15 at 15:14:17.849 CDT Tue May 12 2009
 
------------------ show clock ------------------
 
15:20:36.849 CDT Tue May 12 2009
 
------------------ show crashinfo ------------------
 
No crash file found.
 
 
------------------ show module ------------------
 
 
Mod Card Type                                    Model              Serial No. 
--- -------------------------------------------- ------------------ -----------
  0 ASA 5520 Adaptive Security Appliance         ASA5520            JMX1209L1VB
  1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10     JAF1204BGJK
 
Mod MAC Address Range                 Hw Version   Fw Version   Sw Version     
--- --------------------------------- ------------ ------------ ---------------
  0 001e.f762.c0a2 to 001e.f762.c0a6  2.0          1.0(11)2     8.0(4)
  1 001e.7a36.7877 to 001e.7a36.7877  1.0          1.0(11)2     CSC SSM 6.2.1599.0
 
Mod SSM Application Name           Status           SSM Application Version
--- ------------------------------ ---------------- --------------------------
  1 CSC SSM                        Up               6.2.1599.0
 
Mod Status             Data Plane Status     Compatibility
--- ------------------ --------------------- -------------
  0 Up Sys             Not Applicable         
  1 Up                 Up                     
 
 
------------------ show memory ------------------
 
Free memory:       297403160 bytes (56%)
Used memory:       232287336 bytes (44%)
-------------     ----------------
Total memory:      529690496 bytes (100%)
 
------------------ show memory dma ------------------
 
DMA memory:
   Unused memory:                 23628656 bytes (30%)
   Crypto reserved memory:        20471932 bytes (26%)
      Crypto free:                19292164 bytes (24%)
      Crypto used:                 1179768 bytes ( 1%)
   Block reserved memory:         34889696 bytes (44%)
      Block free:                 31106144 bytes (39%)
      Block used:                  3783552 bytes ( 5%)
   Used memory:                     250932 bytes ( 0%)
-----------------------------   ----------------
   Total memory:                  79241216 bytes (100%)
 
 
------------------ show conn count ------------------
 
32 in use, 67 most used
 
------------------ show xlate count ------------------
 
4 in use, 4 most used
 
------------------ show blocks ------------------
 
  SIZE    MAX    LOW    CNT
     0    700    698    700
     4    100     99     99
    80    952    947    952
   256    100     97    100
  1550   8849   7340   7581
  2048   2612   2338   2358
  2560    164    164    164
  4096    100     99    100
  8192    100    100    100
 16384    102    102    102
 65536     16     15     16
 
------------------ show blocks queue history detail ------------------
 
History buffer memory usage: 2136 bytes (default)
 
------------------ show interface ------------------
 
Interface GigabitEthernet0/0 "Embarq", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
	Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
	MAC address 001e.f762.c0a2, MTU 1500
	IP address 65.40.186.250, subnet mask 255.255.255.128
	198946 packets input, 21749026 bytes, 419 no buffer
	Received 181938 broadcasts, 0 runts, 0 giants
	3641 input errors, 0 CRC, 0 frame, 3641 overrun, 0 ignored, 0 abort
	673 L2 decode drops
	2164 packets output, 175019 bytes, 0 underruns
	0 output errors, 0 collisions, 2 interface resets
	0 late collisions, 0 deferred
	0 input reset drops, 0 output reset drops
	input queue (curr/max packets): hardware (0/26) software (0/0)
	output queue (curr/max packets): hardware (0/1) software (0/0)
  Traffic Statistics for "Embarq":
	198260 packets input, 18085770 bytes
	2163 packets output, 129293 bytes
	107166 packets dropped
      1 minute input rate 0 pkts/sec,  5 bytes/sec
      1 minute output rate 0 pkts/sec,  1 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  7 bytes/sec
      5 minute output rate 0 pkts/sec,  2 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Control Point Interface States:
	Interface number is 2
	Interface config status is active
	Interface state is active
Interface GigabitEthernet0/1 "internalMVL", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
	Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
	MAC address 001e.f762.c0a3, MTU 1500
	IP address 192.168.37.44, subnet mask 255.255.252.0
	34747616 packets input, 3500601910 bytes, 1883 no buffer
	Received 34734625 broadcasts, 0 runts, 0 giants
	27360 input errors, 0 CRC, 0 frame, 27360 overrun, 0 ignored, 0 abort
	789 L2 decode drops
	5342 packets output, 412072 bytes, 0 underruns
	0 output errors, 0 collisions, 0 interface resets
	0 late collisions, 0 deferred
	0 input reset drops, 0 output reset drops
	input queue (curr/max packets): hardware (4/33) software (0/0)
	output queue (curr/max packets): hardware (0/4) software (0/0)
  Traffic Statistics for "internalMVL":
	34746371 packets input, 2748628437 bytes
	5341 packets output, 307400 bytes
	27223140 packets dropped
      1 minute input rate 16 pkts/sec,  1425 bytes/sec
      1 minute output rate 0 pkts/sec,  27 bytes/sec
      1 minute drop rate, 10 pkts/sec
      5 minute input rate 16 pkts/sec,  1533 bytes/sec
      5 minute output rate 0 pkts/sec,  36 bytes/sec
      5 minute drop rate, 10 pkts/sec
  Control Point Interface States:
	Interface number is 3
	Interface config status is active
	Interface state is active
Interface GigabitEthernet0/2 "InternalWireless", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
	Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
	MAC address 001e.f762.c0a4, MTU 1500
	IP address 192.168.10.1, subnet mask 255.255.255.0
	2102359 packets input, 182966918 bytes, 0 no buffer
	Received 2069303 broadcasts, 0 runts, 0 giants
	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
	153 L2 decode drops
	4673 packets output, 1761547 bytes, 0 underruns
	0 output errors, 0 collisions, 0 interface resets
	0 late collisions, 0 deferred
	0 input reset drops, 0 output reset drops
	input queue (curr/max packets): hardware (6/25) software (0/0)
	output queue (curr/max packets): hardware (0/25) software (0/0)
  Traffic Statistics for "InternalWireless":
	2101844 packets input, 144459041 bytes
	4673 packets output, 1646285 bytes
	1231299 packets dropped
      1 minute input rate 9 pkts/sec,  269 bytes/sec
      1 minute output rate 0 pkts/sec,  1 bytes/sec
      1 minute drop rate, 8 pkts/sec
      5 minute input rate 9 pkts/sec,  281 bytes/sec
      5 minute output rate 0 pkts/sec,  10 bytes/sec
      5 minute drop rate, 8 pkts/sec
  Control Point Interface States:
	Interface number is 4
	Interface config status is active
	Interface state is active
Interface GigabitEthernet0/3 "", is administratively down, line protocol is down
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
	Auto-Duplex, Auto-Speed
	Available but not configured via nameif
	MAC address 001e.f762.c0a5, MTU not set
	IP address unassigned
	0 packets input, 0 bytes, 0 no buffer
	Received 0 broadcasts, 0 runts, 0 giants
	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
	0 L2 decode drops
	0 packets output, 0 bytes, 0 underruns
	0 output errors, 0 collisions, 0 interface resets
	0 late collisions, 0 deferred
	0 input reset drops, 0 output reset drops
	input queue (curr/max packets): hardware (0/0) software (0/0)
	output queue (curr/max packets): hardware (0/0) software (0/0)
  Control Point Interface States:
	Interface number is 5
	Interface config status is not active
	Interface state is not active
Interface Internal-Control0/0 "cplane", is up, line protocol is up
  Hardware is i82557, BW 100 Mbps, DLY 100 usec
	(Full-duplex), (100 Mbps)
	MAC address 0000.0001.0001, MTU 1500
	IP address 127.0.1.1, subnet mask 255.255.0.0
	1747799 packets input, 157040756 bytes, 0 no buffer
	Received 0 broadcasts, 0 runts, 0 giants
	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
	0 L2 decode drops
	5191114 packets output, 377950554 bytes, 0 underruns
	0 output errors, 0 collisions, 0 interface resets
	0 babbles, 0 late collisions, 0 deferred
	0 lost carrier, 0 no carrier
	input queue (curr/max packets): hardware (0/1) software (0/2)
	output queue (curr/max packets): hardware (0/2) software (0/1)
  Traffic Statistics for "cplane":
	0 packets input, 0 bytes
	0 packets output, 0 bytes
	0 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Control Point Interface States:
	Interface number is 8
	Interface config status is active
	Interface state is active
Interface Internal-Data0/0 "", is up, line protocol is up
  Hardware is i82547GI rev00, BW 1000 Mbps, DLY 10 usec
	(Full-duplex), (1000 Mbps)
	MAC address 0000.0001.0002, MTU not set
	IP address unassigned
	12888980 packets input, 824894656 bytes, 0 no buffer
	Received 0 broadcasts, 0 runts, 0 giants
	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
	0 L2 decode drops
	12888982 packets output, 824894848 bytes, 0 underruns
	0 output errors, 0 collisions, 0 interface resets
	0 late collisions, 0 deferred
	0 input reset drops, 0 output reset drops
	input queue (curr/max packets): hardware (1/2) software (0/0)
	output queue (curr/max packets): hardware (0/1) software (0/0)
  Control Point Interface States:
	Interface number is 7
	Interface config status is active
	Interface state is active
Interface Management0/0 "management", is up, line protocol is up
  Hardware is i82557, BW 100 Mbps, DLY 100 usec
	Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
	MAC address 001e.f762.c0a6, MTU 1500
	IP address 157.116.123.70, subnet mask 255.255.255.0
	35701095 packets input, 3479796981 bytes, 0 no buffer
	Received 35527670 broadcasts, 0 runts, 0 giants
	7855 input errors, 0 CRC, 0 frame, 7855 overrun, 0 ignored, 0 abort
	0 L2 decode drops
	230798 packets output, 119155490 bytes, 0 underruns
	0 output errors, 0 collisions, 0 interface resets
	0 babbles, 0 late collisions, 0 deferred
	0 lost carrier, 0 no carrier
	input queue (curr/max packets): hardware (0/1) software (0/188)
	output queue (curr/max packets): hardware (0/19) software (0/4)
  Traffic Statistics for "management":
	35700378 packets input, 2849679231 bytes
	230880 packets output, 114887376 bytes
	27871359 packets dropped
      1 minute input rate 18 pkts/sec,  1506 bytes/sec
      1 minute output rate 2 pkts/sec,  1045 bytes/sec
      1 minute drop rate, 12 pkts/sec
      5 minute input rate 18 pkts/sec,  1614 bytes/sec
      5 minute output rate 2 pkts/sec,  1010 bytes/sec
      5 minute drop rate, 13 pkts/sec
	Management-only interface. Blocked 3541 through-the-device packets
		3520 IPv4 packets originated from management network
		21 IPv4 packets destined to management network
		0 IPv6 packets originated from management network
		0 IPv6 packets destined to management network
  Control Point Interface States:
	Interface number is 6
	Interface config status is active
	Interface state is active
Interface Virtual254 "", is up, line protocol is up
  Hardware is Virtual	Available but not configured via nameif
	MAC address 0000.0000.0000, MTU not set
	IP address unassigned
  Control Point Interface States:
	Interface number is 9
	Interface config status is active
	Interface state is active
 
------------------ show cpu usage ------------------
 
CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%
 
------------------ show cpu hogging process ------------------
 
 
Process:      ci/console, NUMHOG: 1, MAXHOG: 28, LASTHOG: 28
LASTHOG At:   14:27:57 CDT Apr 2 2009
PC:           8186d8b (suspend)
Traceback:    87b7b75  917111d  80bce35  80b1ddb  80b2971  805e983
 
Process:      Unicorn Admin Thread, PROC_PC_TOTAL: 3, MAXHOG: 13, LASTHOG: 13
LASTHOG At:   14:28:36 CDT Apr 2 2009
PC:           8b39b0c (suspend)
 
Process:      Unicorn Admin Thread, NUMHOG: 3, MAXHOG: 13, LASTHOG: 13
LASTHOG At:   14:28:36 CDT Apr 2 2009
PC:           8b39b0c (suspend)
Traceback:    8b39b0c  8b4e628  8b4f761  8c26c2d  8c24c02  8c17e75  8c18b82
              8c1db8a  8c1dd97  8c1ab5f  8c1c098  8c1ad52  8c1c868  8c1aea1
 
Process:      Unicorn Admin Thread, PROC_PC_TOTAL: 1, MAXHOG: 8, LASTHOG: 8
LASTHOG At:   14:28:36 CDT Apr 2 2009
PC:           8b5480d (suspend)
 
Process:      Unicorn Admin Thread, NUMHOG: 1, MAXHOG: 8, LASTHOG: 8
LASTHOG At:   14:28:36 CDT Apr 2 2009
PC:           8b5480d (suspend)
Traceback:    8b5480d  8b3a17a  8b3ba76  8b3bb25  94daa45
 
Process:      ci/console, PROC_PC_TOTAL: 8, MAXHOG: 49, LASTHOG: 4
LASTHOG At:   14:28:40 CDT Apr 2 2009
PC:           835bdcb (suspend)
 
Process:      Unicorn Admin Handler, NUMHOG: 2, MAXHOG: 4, LASTHOG: 4
LASTHOG At:   14:28:40 CDT Apr 2 2009
PC:           835bdcb (suspend)
Traceback:    841691e  835b8b4  8356d99  8061b3a  87dd3c7  8061b3a  83d4e2e
              83cd3af  83cd78a  83cdaad  83d2b6d  805e983
 
Process:      ARP Thread, PROC_PC_TOTAL: 1, MAXHOG: 2, LASTHOG: 2
LASTHOG At:   14:30:16 CDT Apr 2 2009
PC:           84c442e (suspend)
 
Process:      ci/console, PROC_PC_TOTAL: 2, MAXHOG: 213, LASTHOG: 213
LASTHOG At:   14:34:59 CDT Apr 2 2009
PC:           87c0785 (suspend)
 
Process:      Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 213, LASTHOG: 213
LASTHOG At:   14:34:59 CDT Apr 2 2009
PC:           87c0785 (suspend)
Traceback:    87c0785  87c0cbc  87c26c3  80b0ce0  83d3eb1  83cd0e8  83cd78a
              83cdaad  83d2b6d  805e983
 
Process:      telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3
LASTHOG At:   14:43:19 CDT Apr 9 2009
PC:           835eab8 (suspend)
 
Process:      telnet/ci, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3
LASTHOG At:   14:43:19 CDT Apr 9 2009
PC:           835eab8 (suspend)
Traceback:    835eab8  835a146  835a343  8054637  88bec25  87f0622  87c1756
              87c26c3  80b0ce0  80b1f3e  80b28c0  805e983
 
Process:      Unicorn Admin Handler, PROC_PC_TOTAL: 1, MAXHOG: 32, LASTHOG: 32
LASTHOG At:   10:27:31 CDT Apr 13 2009
PC:           8356ddf (suspend)
 
Process:      Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 32, LASTHOG: 32
LASTHOG At:   10:27:31 CDT Apr 13 2009
PC:           8356ddf (suspend)
Traceback:    8356ddf  9170b86  8419838  841e35f  83d19c1  83cc548  83cdc90
              83d2b6d  805e983
 
Process:      ssh_init, PROC_PC_TOTAL: 1, MAXHOG: 4, LASTHOG: 4
LASTHOG At:   10:07:43 CDT Apr 16 2009
PC:           89006e1 (suspend)
 
Process:      ssh_init, NUMHOG: 1, MAXHOG: 4, LASTHOG: 4
LASTHOG At:   10:07:43 CDT Apr 16 2009
PC:           89006e1 (suspend)
Traceback:    89006e1  9119bb4  91171c0  910946f  91092c1  91122fd  912da97
              911a940  9108606  90fa31c  90fecbb  8acca5e  8ac8e6d  8acbb43
 
Process:      telnet/ci, PROC_PC_TOTAL: 2, MAXHOG: 69, LASTHOG: 69
LASTHOG At:   14:36:35 CDT Apr 16 2009
PC:           8b15a8b (suspend)
 
Process:      telnet/ci, NUMHOG: 2, MAXHOG: 69, LASTHOG: 69
LASTHOG At:   14:36:35 CDT Apr 16 2009
PC:           8b15a8b (suspend)
Traceback:    8b162ee  8b20771  87b7b75  917111d  80bce35  80b1ddb  80b28c0
              805e983
 
Process:      update_cpu_usage, PROC_PC_TOTAL: 2, MAXHOG: 3, LASTHOG: 3
LASTHOG At:   14:37:53 CDT Apr 16 2009
PC:           882c89c (suspend)
 
Process:      ARP Thread, NUMHOG: 3, MAXHOG: 3, LASTHOG: 3
LASTHOG At:   14:37:53 CDT Apr 16 2009
PC:           84c442e (suspend)
Traceback:    805e983
 
Process:      ci/console, PROC_PC_TOTAL: 5, MAXHOG: 31, LASTHOG: 31
LASTHOG At:   14:44:22 CDT Apr 16 2009
PC:           87b8305 (suspend)
 
Process:      telnet/ci, NUMHOG: 3, MAXHOG: 31, LASTHOG: 31
LASTHOG At:   14:44:22 CDT Apr 16 2009
PC:           87b8305 (suspend)
Traceback:    87b8305  9181e56  841a1db  841a55b  8419996  841e35f  842837a
              887082a  887090d  87c1756  87c26c3  80b0ce0  80b1f3e  80b28c0
 
Process:      Checkheaps, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3
LASTHOG At:   14:44:24 CDT Apr 16 2009
PC:           91693af (suspend)
 
Process:      Checkheaps, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3
LASTHOG At:   14:44:24 CDT Apr 16 2009
PC:           91693af (suspend)
Traceback:    91693af  91846e6  805e983
 
Process:      Unicorn Admin Handler, PROC_PC_TOTAL: 6, MAXHOG: 143, LASTHOG: 28
LASTHOG At:   10:04:23 CDT Apr 22 2009
PC:           80b3b5a (suspend)
 
Process:      Unicorn Admin Handler, NUMHOG: 6, MAXHOG: 143, LASTHOG: 28
LASTHOG At:   10:04:23 CDT Apr 22 2009
PC:           80b3b5a (suspend)
Traceback:    80b3b5a  dd58e39d  dd58f09e  dd58cca1  dd58daa5  dd58674c  dd586bc5
              80b4a55  83d484d  83cc594  83cdc90  83d2b6d  805e983
 
Process:      Dispatch Unit, PROC_PC_TOTAL: 219, MAXHOG: 21, LASTHOG: 21
LASTHOG At:   12:27:59 CDT Apr 22 2009
PC:           8172a27 (suspend)
 
Process:      Dispatch Unit, NUMHOG: 11, MAXHOG: 21, LASTHOG: 21
LASTHOG At:   12:27:59 CDT Apr 22 2009
PC:           8172a27 (suspend)
Traceback:    8172a27  805e983
 
Process:      NIC status poll, PROC_PC_TOTAL: 2, MAXHOG: 18, LASTHOG: 18
LASTHOG At:   09:17:31 CDT May 7 2009
PC:           8827f9e (suspend)
 
Process:      NIC status poll, NUMHOG: 2, MAXHOG: 18, LASTHOG: 18
LASTHOG At:   09:17:31 CDT May 7 2009
PC:           8827f9e (suspend)
Traceback:    8827f9e  805e983
 
CPU hog threshold (msec):  2.844
Last cleared: None
 
------------------ show process ------------------
 
 
    PC       SP       STATE       Runtime    SBASE     Stack Process
Lwe 08051bac c750c32c 09b7aeb4          0 c750a418 7920/8192 block_diag
Mrd 081727e4 c753cccc 09b7a7fc     976999 c751ce58 125548/131072 Dispatch Unit
Mwe 0835e1f5 c7541e7c 09b7a5ec          0 c7540088 7496/8192 CF OIR
Mwe 08963190 c7544094 09aac950          0 c75421b0 7872/8192 lina_int
Mwe 08064bc5 c75b35ec 09b7a5ec          0 c75b1748 7672/8192 Reload Control Thread
Mwe 08069626 c75be504 09b7c718          0 c75ba950 15248/16384 aaa
Mwe 08a8717b c75c07fc c897b9e8         19 c75bea78 7000/8192 Boot Message Proxy Process
Mwe 08092416 c75c531c 09b7c774      81034 c75c1428 8952/16384 CMGR Server Process
Mwe 08092925 c75c73e4 09b7a5ec      15028 c75c5550 7696/8192 CMGR Timer Process
Mwe 087dabef cb769324 09b7a5ec        995 cb762590 23396/32768 Unicorn Admin Handler
Lwe 08171342 c75d1a1c 09b877a4          0 c75cfb18 7376/8192 dbgtrace
Msi 083e650c c75da00c 09b7a5ec       4460 c75d80f8 7808/8192 557mcfix
Msi 083e632e c75dc134 09b7a5ec          1 c75da220 7776/8192 557statspoll
Mwe 087db649 c8e1a7f4 c8a08a8c        287 c8e13c30 25832/32768 Unicorn Admin Handler
Mwe 08b5480d c7808b9c 09b7a5ec          1 c75f9b08 7136/8192 netfs_thread_init
Mwe 09144be5 c7607f4c 09b7a5ec          0 c76060c8 7640/8192 Chunk Manager
Msi 087fabee c761332c 09b7a5ec      11065 c7611438 7696/8192 PIX Garbage Collector
Mwe 087ee244 c762018c 09a9dcac          0 c761e288 7904/8192 IP Address Assign
Mwe 089adaf6 c77b2fd4 09adf078          0 c77b10d0 7904/8192 QoS Support Module
Mwe 0886b62f c77b5134 09a9ed50          0 c77b3230 7904/8192 Client Update Task
Lwe 091845b8 c77b79ac 09b7a5ec      55708 c77b5b18 7696/8192 Checkheaps
Mwe 089b0d45 c77bdbdc 09b7a5ec          0 c77bbf78 6624/8192 Quack process
Mwe 08a04632 c77c1f14 09b7a5ec        996 c77be0a0 15504/16384 Session Manager
Mwe 08b03785 c77ccd4c c8360530          6 c77c92f8 14296/16384 uauth
Mwe 08aa5795 c77cf324 09aebdc0          0 c77cd420 7376/8192 Uauth_Proxy
Mwe 08983279 cb76c4fc 09c92110          7 cb76a638 7760/8192 qos_metric_daemon
Msp 08adc06c c77d70bc 09b7a5ec        582 c77d51a8 7552/8192 SSL
Mwe 08b01be6 c77d91a4 09af18c4          0 c77d72d0 7240/8192 SMTP
Mwe 08af6f79 c77db16c 09af1848       1681 c77d93f8 5992/8192 Logger
Mwe 08af359e c77dd3b4 09b7a5ec          0 c77db520 7344/8192 Thread Logger
Mwe 08cd1c42 c77ebc1c 09b242e8          0 c77e9d38 7040/8192 vpnlb_thread
Mwe 0823344d c77f25c4 09b7a5ec          0 c77f0740 7640/8192 TLS Proxy Inspector
Msi 08a1d073 c787ac1c 09b7a5ec       8935 c7878d18 7792/8192 emweb/cifs_timer
Mwe 0860ca27 c78bd6a4 09a948ac          0 c78bb7b0 7520/8192 netfs_mount_handler
Msi 084c2788 c75cb674 09b7a5ec      30301 c75c97a0 7040/8192 arp_timer
Mwe 084cbc7c c75d7e84 09b9af68          0 c75d5fd0 7824/8192 arp_forward_thread
Mwe 0852fb65 c75de1fc 09b9fd60          2 c75dc378 7808/8192 Lic TMR
Msi 08b06cd1 c7605e94 09b7a5ec     149356 c7603fa0 7280/8192 tcp_fast
Msi 08b09e31 c7b4088c 09b7a5ec      47146 c7b3e9a8 7760/8192 tcp_slow
Mwe 08b33bf9 c7b4e57c 09af9a48          0 c7b4c688 7776/8192 udp_timer
Mwe 080e6cb8 c75fdb6c 09b7a5ec          0 c75fbcd8 7760/8192 CTCP Timer process
Mwe 08c82503 c75ffc74 09b7a5ec          0 c75fde00 7728/8192 L2TP data daemon
Mwe 08c832d3 c80c3b3c 09b7a5ec          0 c80c1cb8 7744/8192 L2TP mgmt daemon
Mwe 08c6f3db c80fbc74 09b1e224       2589 c80f7dc0 16048/16384 ppp_timer_thread
Msi 08cd20a7 c80fdcbc 09b7a5ec      12736 c80fbde8 7744/8192 vpnlb_timer_thread
Mwe 080fc9d7 c75cd76c c7601948          1 c75cb8c8 7592/8192 IPsec message handler
Msi 0810ecfc c77d140c 09b7a5ec     229489 c77cf548 6328/8192 CTM message handler
Mwe 088c5a1a c75cf864 09b7a5ec          1 c75cd9f0 7544/8192 NAT security-level reconfiguration
Mwe 089daea8 c82e57f4 09b7a5ec          0 c82e3950 7776/8192 ICMP event handler
Mwe 087550b3 c82e996c 09b7a5ec       2228 c82e5ac8 14888/16384 IP Background
Mwe 08169957 c83513dc 09a726f4         63 c8331518 121084/131072 tmatch compile thread
Mwe 088f1a05 c8427b1c 09b7a5ec          0 c8423c68 15880/16384 Crypto PKI RECV
Mwe 088f44fa c842bc24 09b7a5ec          0 c8427d90 15848/16384 Crypto CA
Lsi 0880aad8 c8463584 09b7a5ec        143 c8461670 7808/8192 uauth_urlb clean
Lwe 087f3f2f c86738f4 09b7a5ec      76556 c8671a80 4228/8192 pm_timer_thread
Mwe 084556c5 c8675e5c 09b7a5ec         12 c8673fc8 7696/8192 IKE Timekeeper
Mwe 084492eb c867b314 09a8fcb4          8 c8677740 14536/16384 IKE Daemon
Mwe 08ab90da c867ef34 09af04d4          0 c867d050 7872/8192 RADIUS Proxy Event Daemon
Mwe 08a8717b c8680ecc c77d26a8         18 c867f128 7032/8192 RADIUS Proxy Listener
Mwe 08ab7cd7 c8683094 09b7a5ec          0 c8681200 7760/8192 RADIUS Proxy Time Keeper
Mwe 084b3a3c c8685e44 09b9aee8          0 c8684010 7008/8192 Integrity FW Task
Mwe 08186d8b c86c9c7c 096595dc       9769 c86aa478 119044/131072 ci/console
Msi 0838bd78 c86cc464 09b7a5ec       3688 c86ca5a0 6392/8192 fover_thread
Mwe 08c572b5 c86ce55c 09d20850        503 c86cc6c8 7504/8192 lu_ctl
Msi 0882c89c c86d04f4 09b7a5ec      95479 c86ce7f0 6088/8192 update_cpu_usage
Msi 08827d31 c86da8ac 09b7a5ec     291833 c86d8a78 5944/8192 NIC status poll
Mwe 08381bcc c77e1514 09b8e700          0 c77df770 7552/8192 fover_rx
Mwe 0837e400 c77edd14 09b8f094          0 c77ebe60 7824/8192 fover_tx
Mwe 0837d50b c77b9c0c 09b9b5c8          0 c77b7d28 7848/8192 fover_ip
Mwe 08391b41 c86f2afc 09b8f0a8          0 c86eee18 15552/16384 fover_rep
Mwe 0838a51d c86fa9f4 09b8f0b0       6647 c86f2e40 31652/32768 fover_parse
Mwe 0836ccab c86fccec 09b8e1d8       3074 c86fae68 7760/8192 fover_ifc_test
Mwe 08370b85 c86fed24 09b7a5ec          0 c86fce90 7760/8192 fover_health_monitoring_thread
Mwe 083a3f10 c8702f74 09b7a5ec          0 c87010e0 7760/8192 ha_trans_ctl_tx
Mwe 083a3f10 c8715fc4 09b7a5ec          0 c8714130 7760/8192 ha_trans_data_tx
Mwe 0839b517 c8717ffc 09b7a5ec          0 c8716158 7520/8192 fover_FSM_thread
Mwe 08c56cdb c871aad4 09b9b028          0 c8718bd0 7832/8192 lu_rx
Lwe 08c56c0c c871cb0c 09d20700          0 c871abf8 7920/8192 lu_dynamic_sync
Mwe 084bdd86 c873c43c 09b9b634     109765 c8738568 15196/16384 IP Thread
Mwe 084c442e c873e534 09b9afe8    1072556 c873c640 4044/8192 ARP Thread
Mwe 083ebe80 c87405bc 09b9b620         34 c873e768 4584/8192 icmp_thread
Mwe 08b34b16 c8742724 09b7a5ec        186 c8740890 7656/8192 udp_thread
Mwe 08b0c06e c874470c 09b9b63c      28172 c87429b8 6272/8192 tcp_thread
Mwe 08a4e793 c87469d4 09ae3900          1 c8744ae0 7176/8192 SNMP Notify Thread
Mwe 080d7543 c8748bd4 09a6f11c     102695 c8746cf0 7580/8192 cppoll
Mwe 08b0ece5 c874aa7c c86db970          0 c8748d18 6904/8192 CP Server Process
Mwe 09197050 c874cb84 09b79ecc          0 c874ad40 7324/8192 rpc_server
Mwe 08b5480d c87c9acc 09b7a5ec         81 c874d518 24816/32768 rtcli async executor process
Mwe 08b074ee c897d83c c86db618      14932 c897ba18 6576/8192 CP Client Process
Mwe 08b15643 c892ee0c 09b7a5ec          0 c892cf78 7048/8192 npshim_thread
Mwe 08a8717b c8a6519c c8a32c30         18 c8a633e8 7368/8192 EAPoUDP-sock
Mwe 081acd75 c8a66f74 09b7a5ec          0 c8a65410 6840/8192 EAPoUDP
Mwe 0857fcb5 cb70a704 09b7a5ec       1006 cb708870 4204/8192 MFIB
Mwe 0857fcb5 cb7185f4 09b7a5ec        623 cb7167b0 4516/8192 PIM IPv4
Mwe 0857fcb5 cb7dc6e4 09b7a5ec        117 cb7da870 3692/8192 IGMP IPv4
Mwe 0818f651 c8b4b7a4 09b7a5ec        134 c8b49900 7712/8192 DHCPD Timer
Mwe 08cb260d c8cdc2c4 09b24008          0 c8cd43d0 32464/32768 vpnfol_thread_msg
Msi 08cb85b2 c8cde2dc 09b7a5ec       5982 c8cdc3f8 7760/8192 vpnfol_thread_timer
Mwe 08cb6ab2 c8ce02b4 09b24180          0 c8cde420 7792/8192 vpnfol_thread_sync
Msi 08cb813c c8ce233c 09b7a5ec      27613 c8ce0448 7776/8192 vpnfol_thread_unsent
Mwe 084afd88 c77efe1c 09b7a5ec          0 c77edf88 7760/8192 Integrity Fw Timer Thread
Msi 0860cafc c75d5c4c 09b7a5ec        560 c75d3d68 7752/8192 netfs_vnode_reclaim
Mwe 0857fcb5 c8db0bb4 09b7a5ec          0 c8daed20 7336/8192 MRIB Process
Mwe 08b5480d c89e14cc 09b7a5ec        265 c885ae90 4796/8192 Unicorn Admin Thread
Mwe 081911be c8a7ae2c 09b7a5ec          1 c8a78fe8 2076/8192 dhcp_daemon
Mwe 08b16758 c8b43784 c8a626e0          0 c8b41ad0 6760/8192 listen/telnet
Mwe 08b16758 c7517644 c8a4f290          0 c7515990 6760/8192 listen/ssh
M*  087b8305 c206c91c 09b7a7fc        223 cb86b7e8 19844/32768 Unicorn Admin Handler
Mwe 08a8717b cb811b2c cb7eb688          0 cb80fd88 7352/8192 IKE Receiver
Mwe 08acd4fb c89dbfec 09b7a5ec          4 c89da158 6272/8192 ssh/timer
 -     -        -         -    3456346440    -         -     scheduler
 -     -        -         -    3459938276    -         -     total elapsed
 
------------------ show kernel process ------------------
 
 
PID PPID PRI NI      VSIZE      RSS      WCHAN STAT  RUNTIME COMMAND
 
  1    0  20  0    1556480      504 3725684979    S       80 init
 
  2    1  34 19          0        0 3725694381    S        0 ksoftirqd/0
 
  3    1  10 -5          0        0 3725736671    S        0 events/0
 
  4    1  11 -5          0        0 3725736671    S        0 khelper
 
  5    1  20 -5          0        0 3725736671    S        0 kthread
 
  7    5  10 -5          0        0 3725736671    S        0 kblockd/0
 
  8    5  20 -5          0        0 3726735694    S        0 kseriod
 
 63    5  20  0          0        0 3725811768    S        0 pdflush
 
 64    5  15  0          0        0 3725811768    S        0 pdflush
 
 65    1  25  0          0        0 3725824451    S        0 kswapd0
 
 66    5  20 -5          0        0 3725736671    S        0 aio/0
 
178    1  17  0    1556480      112 3725684979    S        0 init
 
179  178  23  0    1556480      508 3725684979    S        0 rcS
 
186    1  21 -4    1511424      500          0    S       12 udevd
 
304    1  23 -2          0        0 3725683158    Z        0 modprobe
 
311    1  23 -2          0        0 3725683158    Z        0 modprobe
 
314    1  23 -2          0        0 3725683158    Z        0 modprobe
 
338    1  23 -2          0        0 3725683158    Z        0 modprobe
 
341    1  23 -2          0        0 3725683158    Z        0 modprobe
 
317    1  23 -2          0        0 3725683158    Z        0 modprobe
 
352    1  23 -2          0        0 3725683158    Z        0 modprobe
 
371  179  23  0    1548288      472 3725684979    S        0 S99asa
 
372  371  24  0    1548288      468 3725684979    S        0 rcS
 
395  372  25  0    1351680      344 3725712932    S        0 lina_monitor
 
396  395  15  0  487874560   378988 3725716348    S       87 lina
 
397  396  16  0  487874560   378988          0    S        1 lina
 
398  397  15  0  487874560   378988          0    S        0 lina
 
399  397  16  0  487874560   378988 3725716348    S       22 lina
 
400  397  25  0  487874560   378988          0    R 345978386 lina
 
------------------ show failover ------------------
 
Failover Off 
Failover unit Secondary
Failover LAN Interface: not Configured
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
 
------------------ show failover history ------------------
 
==========================================================================
From State                 To State                   Reason
==========================================================================
14:24:56 CDT Apr 2 2009
Not Detected               Disabled                   No Error
 
==========================================================================
 
------------------ show traffic ------------------
 
management:
	received (in 3459312.480 secs):
		35700378 packets	2849679231 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459312.480 secs):
		230880 packets	114887376 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 18 pkts/sec,  1506 bytes/sec
      1 minute output rate 2 pkts/sec,  1045 bytes/sec
      1 minute drop rate, 12 pkts/sec
      5 minute input rate 18 pkts/sec,  1614 bytes/sec
      5 minute output rate 2 pkts/sec,  1010 bytes/sec
      5 minute drop rate, 13 pkts/sec
internalMVL:
	received (in 3459312.490 secs):
		34746371 packets	2748628437 bytes
		0 pkts/sec	1 bytes/sec
	transmitted (in 3459312.490 secs):
		5341 packets	307400 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 16 pkts/sec,  1425 bytes/sec
      1 minute output rate 0 pkts/sec,  27 bytes/sec
      1 minute drop rate, 10 pkts/sec
      5 minute input rate 16 pkts/sec,  1533 bytes/sec
      5 minute output rate 0 pkts/sec,  36 bytes/sec
      5 minute drop rate, 10 pkts/sec
InternalWireless:
	received (in 3459312.480 secs):
		2101844 packets	144459041 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459312.480 secs):
		4673 packets	1646285 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 9 pkts/sec,  269 bytes/sec
      1 minute output rate 0 pkts/sec,  1 bytes/sec
      1 minute drop rate, 8 pkts/sec
      5 minute input rate 9 pkts/sec,  281 bytes/sec
      5 minute output rate 0 pkts/sec,  10 bytes/sec
      5 minute drop rate, 8 pkts/sec
Embarq:
	received (in 3459312.490 secs):
		198260 packets	18085770 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459312.490 secs):
		2163 packets	129293 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 0 pkts/sec,  5 bytes/sec
      1 minute output rate 0 pkts/sec,  1 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  7 bytes/sec
      5 minute output rate 0 pkts/sec,  2 bytes/sec
      5 minute drop rate, 0 pkts/sec
 
----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
GigabitEthernet0/0:
	received (in 3459365.250 secs):
		198946 packets	21749026 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459365.250 secs):
		2164 packets	175019 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 0 pkts/sec,  6 bytes/sec
      1 minute output rate 0 pkts/sec,  2 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  8 bytes/sec
      5 minute output rate 0 pkts/sec,  3 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet0/1:
	received (in 3459365.250 secs):
		34747616 packets	3500601910 bytes
		0 pkts/sec	1000 bytes/sec
	transmitted (in 3459365.250 secs):
		5342 packets	412072 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 16 pkts/sec,  1780 bytes/sec
      1 minute output rate 0 pkts/sec,  37 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 16 pkts/sec,  1898 bytes/sec
      5 minute output rate 0 pkts/sec,  50 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet0/2:
	received (in 3459365.250 secs):
		2102359 packets	182966918 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459365.250 secs):
		4673 packets	1761547 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 9 pkts/sec,  601 bytes/sec
      1 minute output rate 0 pkts/sec,  2 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 9 pkts/sec,  615 bytes/sec
      5 minute output rate 0 pkts/sec,  14 bytes/sec
      5 minute drop rate, 0 pkts/sec
GigabitEthernet0/3:
	received (in 3459365.250 secs):
		0 packets	0 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459365.250 secs):
		0 packets	0 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Internal-Control0/0:
	received (in 3459365.250 secs):
		1747799 packets	157040756 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459365.250 secs):
		5191114 packets	377950554 bytes
		0 pkts/sec	1 bytes/sec
      1 minute input rate 0 pkts/sec,  45 bytes/sec
      1 minute output rate 1 pkts/sec,  109 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  45 bytes/sec
      5 minute output rate 1 pkts/sec,  109 bytes/sec
      5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
	received (in 3459365.250 secs):
		12888980 packets	824894656 bytes
		0 pkts/sec	0 bytes/sec
	transmitted (in 3459365.250 secs):
		12888982 packets	824894848 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 3 pkts/sec,  238 bytes/sec
      1 minute output rate 3 pkts/sec,  238 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 3 pkts/sec,  238 bytes/sec
      5 minute output rate 3 pkts/sec,  238 bytes/sec
      5 minute drop rate, 0 pkts/sec
Management0/0:
	received (in 3459365.250 secs):
		35701095 packets	3479796981 bytes
		0 pkts/sec	1000 bytes/sec
	transmitted (in 3459365.250 secs):
		230798 packets	119155490 bytes
		0 pkts/sec	0 bytes/sec
      1 minute input rate 17 pkts/sec,  1832 bytes/sec
      1 minute output rate 2 pkts/sec,  1080 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 18 pkts/sec,  1945 bytes/sec
      5 minute output rate 2 pkts/sec,  1044 bytes/sec
      5 minute drop rate, 0 pkts/sec
 
------------------ show perfmon ------------------
 
 
PERFMON STATS:                     Current      Average
Xlates                                0/s          0/s
Connections                           0/s          0/s
TCP Conns                             0/s          0/s
UDP Conns                             0/s          0/s
URL Access                            0/s          0/s
URL Server Req                        0/s          0/s
TCP Fixup                             0/s          0/s
TCP Intercept Established Conns       0/s          0/s
TCP Intercept Attempts                0/s          0/s
TCP Embryonic Conns Timeout           0/s          0/s
HTTP Fixup                            0/s          0/s
FTP Fixup                             0/s          0/s
AAA Authen                            0/s          0/s
AAA Author                            0/s          0/s
AAA Account                           0/s          0/s
 
VALID CONNS RATE in TCP INTERCEPT:    Current      Average
                                       N/A         96.00%
 
------------------ show counters ------------------
 
Protocol     Counter                             Value   Context
IP           IN_PKTS                          17935085   Summary
IP           OUT_PKTS                          3517055   Summary
IP           IN_DROP_UNK                        820984   Summary
IP           IN_DROP_NFU                             4   Summary
IP           TO_ARP                           15320664   Summary
IP           TO_UDP                              44554   Summary
IP           TO_ICMP                               723   Summary
IP           TO_TCP                            1747966   Summary
TCP          IN_PKTS                           1747966   Summary
TCP          OUT_PKTS                          5195723   Summary
TCP          RCV_GOOD                          1735914   Summary
TCP          DROP_NRST                               9   Summary
TCP          DROP_IGNORE4                      3471828   Summary
TCP          HASH_ADD                                1   Summary
TCP          HASH_MISS                               9   Summary
TCP          SND_SYN                                 1   Summary
TCP          SND_ACK                           1729999   Summary
TCP          RCV_ACK                             12042   Summary
UDP          IN_PKTS                             44554   Summary
UDP          OUT_PKTS                            44561   Summary
UDP          DROP_NO_APP                             3   Summary
ICMP         IN_PKTS                               723   Summary
ICMP         OUT_PKTS                              719   Summary
SSLERR       BAD_PROTOCOL_VERSION_NUMBER             8   Summary
SSLERR       BAD_SIGNATURE                           3   Summary
SSLALERT     RX_CLOSE_NOTIFY                        28   Summary
SSLALERT     RX_WARNING_ALERT                       28   Summary
SSLALERT     TX_CLOSE_NOTIFY                      1159   Summary
SSLALERT     TX_WARNING_ALERT                     1159   Summary
SSLDEV       NEW_CTX                                 2   Summary
SSLNP        OPEN_CONN                               3   Summary
SSLNP        HANDSHAKE_START                      1227   Summary
SSLNP        HANDSHAKE_DONE                       1227   Summary
SSLNP        DOWNSTREAM_CLOSE                     4794   Summary
SSLNP        DOWNSTREAM_CLOSE_NEXT                1229   Summary
SSLNP        UPSTREAM_CLOSE                       1230   Summary
SSLNP        UPSTREAM_CLOSE_NEXT                  1229   Summary
SSLNP        FREE_CONN                            1229   Summary
SSLNP        NEW_CONN_SERVER                      1230   Summary
SSLNP        EXTRACT_VIA_DUPB                      462   Summary
SSLNP        IN_PKTS_RX                          10536   Summary
SSLNP        IN_PKTS_TX                           1759   Summary
SSLNP        OUT_PKTS_RX                        109409   Summary
SSLNP        OUT_PKTS_TX                        111866   Summary
SSLNP        SESSIONS_CLEARED                       69   Summary
NPSHIM       GET_REQUEST                            16   Summary
NPSHIM       GET_NONE                                8   Summary
NPSHIM       GET_RECV                                8   Summary
NPSHIM       READ_CTX_CLOSED                         5   Summary
NPSHIM       READ_NOBLOCK_NO_BUF                     9   Summary
NPSHIM       READ_RECV                            2947   Summary
NPSHIM       READ_EOF                                2   Summary
NPSHIM       SLCT_REQUEST                           19   Summary
NPSHIM       SLCT_EVENT                             17   Summary
NPSHIM       CTX_ALLOC                          404119   Summary
NPSHIM       CTX_FREE                           404111   Summary
NPSHIM       CLOSE_LISTEN                            3   Summary
NPSHIM       IOCTL_TCPFIP_FAIL                       7   Summary
 
------------------ show mode ------------------
 
Security context mode: single 
 
------------------ show history ------------------
 
 
------------------ show firewall ------------------
 
Firewall mode: Router
 
------------------ show running-config ------------------
 
: Saved
:
ASA Version 8.0(4) 
!
hostname ciscoasa
domain-name mvl.kmmfg.com
enable password <removed>
passwd <removed>
multicast-routing
names
name 192.168.37.231 CribMaster
!
interface GigabitEthernet0/0
 nameif Embarq
 security-level 0
 ip address 65.40.186.250 255.255.255.128 
!
interface GigabitEthernet0/1
 nameif internalMVL
 security-level 75
 ip address 192.168.37.44 255.255.252.0 
!
interface GigabitEthernet0/2
 nameif InternalWireless
 security-level 75
 ip address 192.168.10.1 255.255.255.0 
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 157.116.123.70 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name mvl.kmmfg.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu internalMVL 1500
mtu InternalWireless 1500
mtu Embarq 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
global (Embarq) 101 interface
nat (management) 101 0.0.0.0 0.0.0.0
static (InternalWireless,internalMVL) interface 192.168.10.10 netmask 255.255.255.255 
static (InternalWireless,Embarq) interface 192.168.10.10 netmask 255.255.255.255 
static (InternalWireless,internalMVL) 192.168.37.75 192.168.10.11 netmask 255.255.255.255 
static (internalMVL,InternalWireless) 192.168.10.15 CribMaster netmask 255.255.255.255 
route Embarq 0.0.0.0 0.0.0.0 65.40.186.241 1
route internalMVL 192.168.37.0 255.255.255.0 192.168.37.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 159.168.123.58 255.255.255.255 management
http 0.0.0.0 0.0.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto isakmp enable internalMVL
crypto isakmp enable InternalWireless
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 management
telnet 157.116.123.58 255.255.255.255 management
telnet 0.0.0.0 0.0.0.0 Embarq
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 management
ssh 157.116.123.58 255.255.255.255 management
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:9e52208c2eefa1a8e1dad3a7bba8e090
: end
 
------------------ show startup-config errors ------------------
 
WARNING: IPS policy is configured with incompatible SSM card.
*** Output from config line 134, "  ips inline fail-close"
WARNING: IPS policy is configured with incompatible SSM card.
*** Output from config line 137, "  ips promiscuous fail-c..."
 
------------------ console logs ------------------
 
Message #1 : Message #2 : 
Total SSMs found: 1
Message #3 : ASA-SSM-CSC-10, SN JAF1204BGJK, HW ver 1.0, FW ver 1.0(11)2
Message #4 : 
Total NICs found: 7
Message #5 : mcwa Message #6 : i82557 Ethernet at irq 11Message #7 :   MAC: 001e.f762.c0a6
Message #8 : mcwa Message #9 : i82557 Ethernet at irq  5Message #10 :   MAC: 0000.0001.0001
Message #11 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 00Message #12 :  MAC: 001e.f762.c0a2
Message #13 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 01Message #14 :  MAC: 001e.f762.c0a3
Message #15 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 02Message #16 :  MAC: 001e.f762.c0a4
Message #17 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 03Message #18 :  MAC: 001e.f762.c0a5
Message #19 : i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05Message #20 :  MAC: 0000.0001.0002
Message #21 : 
Licensed features for this platform:
Message #22 : Maximum Physical Interfaces  : Unlimited 
Message #23 : Maximum VLANs                : 150       
Message #24 : Inside Hosts                 : Unlimited 
Message #25 : Failover                     : Active/Active
Message #26 : VPN-DES                      : Enabled   
Message #27 : VPN-3DES-AES                 : Enabled   
Message #28 : Security Contexts            : 2         
Message #29 : GTP/GPRS                     : Disabled  
Message #30 : VPN Peers                    : 750       
Message #31 : WebVPN Peers                 : 2         
Message #32 : AnyConnect for Mobile        : Disabled  
Message #33 : AnyConnect for Linksys phone : Disabled  
Message #34 : Advanced Endpoint Assessment : Disabled  
Message #35 : UC Proxy Sessions            : 2         
Message #36 : 
This platform has an ASA 5520 VPN Plus license.
Message #37 : 
Message #38 : Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Message #39 :                              Boot microcode   : CN1000-MC-BOOT-2.00 
Message #40 :                              SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
Message #41 :                              IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
Message #42 : 
Cisco Adaptive Security Appliance Software Version 8.0(4) 
Message #43 : 
Message #44 :   ****************************** Warning *******************************
Message #45 :   This product contains cryptographic features and is
Message #46 :   subject to United States and local country laws
Message #47 :   governing, import, export, transfer, and use.
Message #48 :   Delivery of Cisco cryptographic products does not
Message #49 :   imply third-party authority to import, export,
Message #50 :   distribute, or use encryption. Importers, exporters,
Message #51 :   distributors and users are responsible for compliance
Message #52 :   with U.S. and local country laws. By using this
Message #53 :   product you agree to comply with applicable laws and
Message #54 :   regulations. If you are unable to comply with U.S.
Message #55 :   and local laws, return the enclosed items immediately.
Message #56 : 
Message #57 :   A summary of U.S. laws governing Cisco cryptographic
Message #58 :   products may be found at:
Message #59 :   http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Message #60 : 
Message #61 :   If you require further assistance please contact us by
Message #62 :   sending email to export@cisco.com.
Message #63 :   ******************************* Warning *******************************
Message #64 : 
Message #65 : Copyright (c) 1996-2008 by Cisco Systems, Inc.
 
Message #66 :                 Restricted Rights Legend
 
Message #67 : Use, duplication, or disclosure by the Government is
Message #68 : subject to restrictions as set forth in subparagraph
Message #69 : (c) of the Commercial Computer Software - Restricted
Message #70 : Rights clause at FAR sec. 52.227-19 and subparagraph
Message #71 : (c) (1) (ii) of the Rights in Technical Data and Computer
Message #72 : Software clause at DFARS sec. 252.227-7013.
 
Message #73 :                 Cisco Systems, Inc.
Message #74 :                 170 West Tasman Drive
Message #75 :                 San Jose, California 95134-1706
 
Message #76 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=54784 len=32
Message #77 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=54784 len=32
Message #78 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=55040 len=32
Message #79 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=55040 len=32
Message #80 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=55296 len=32
Message #81 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=55296 len=32
Message #82 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=55552 len=32
Message #83 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=55552 len=32

Open in new window

0
Comment
Question by:MVLIS
  • 3
  • 2
6 Comments
 
LVL 13

Assisted Solution

by:Quori
Quori earned 400 total points
ID: 24369404
Does the default gateway for hosts on the .37 network have a route to .10 via 192.168.37.44?
0
 
LVL 5

Assisted Solution

by:yashinchalad
yashinchalad earned 100 total points
ID: 24374599

route internalMVL 192.168.37.0 255.255.255.0 192.168.37.81 1
me confused , is this 192.168.37.44 (thats the interface IP)?

also do u add

route InternalWireless 192.168.10.0 255.255.255.0 192.168.10.1 1
just to make sure firewall understands its an internal route?
let me know.
0
 

Author Comment

by:MVLIS
ID: 24374890
No there is no route to .10 from .37 gateway through 192.168.37.44, but doing so would make perfect sense wouldn't it?  Let me try that and I'll get right back to you.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:MVLIS
ID: 24375377
Now I get a new message: No translation group found for icmp src internalMVL:192.168.37.1 dst InternalWireless:192.168.10.10 (type 8, code 0).  So it is hitting the 192.168.37.44 interface (internalMVL), but getting dropped any clue?  Sorry I'm new to the ASA, I've been using Checkpoint for a long time, and seem to be a little slow on the uptake.
0
 
LVL 13

Assisted Solution

by:Quori
Quori earned 400 total points
ID: 24380017
For a start, we don't need to NAT between two internal interfaces so you can change this:

static (InternalWireless,internalMVL) interface 192.168.10.10 netmask 255.255.255.255
static (InternalWireless,internalMVL) 192.168.37.75 192.168.10.11 netmask 255.255.255.255

We should probably fix your NAT config too.

You can add a route statement for the .10 network if you so choose, but since its an interface you don't really need to.

Internal interfaces also usually have a security level of 100.
0
 
LVL 13

Accepted Solution

by:
Quori earned 400 total points
ID: 24380024
Be sure to:

clear xlate

To flush any translations before you test again.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question