Solved

I have a routing issue on an ASA 5520

Posted on 2009-05-12
6
4,123 Views
Last Modified: 2012-06-21
We are trying to setup an ASA 5520 to route traffic from our wireless network (192.168.10.0) to our data network (192.168.37.0).  I get a reply when I ping the gateway for the data network (192.168.37.1) but don't get a response from any other machines on the 192.168.37.0 network.  What have I missed?
Result of the command: "show running-config"
 

: Saved

:

ASA Version 8.0(4) 

!

hostname ciscoasa

domain-name mvl.kmmfg.com

enable password sy9BBdr/2YBb9r9l encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

multicast-routing

names

name 192.168.37.231 CribMaster

!

interface GigabitEthernet0/0

 nameif Embarq

 security-level 0

 ip address 65.40.186.250 255.255.255.128 

!

interface GigabitEthernet0/1

 nameif internalMVL

 security-level 75

 ip address 192.168.37.44 255.255.252.0 

!

interface GigabitEthernet0/2

 nameif InternalWireless

 security-level 75

 ip address 192.168.10.1 255.255.255.0 

!

interface GigabitEthernet0/3

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Management0/0

 nameif management

 security-level 100

 ip address 157.116.123.70 255.255.255.0 

 management-only

!

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns server-group DefaultDNS

 domain-name mvl.kmmfg.com

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

pager lines 24

logging enable

logging asdm informational

mtu management 1500

mtu internalMVL 1500

mtu InternalWireless 1500

mtu Embarq 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-615.bin

no asdm history enable

arp timeout 14400

global (Embarq) 101 interface

nat (management) 101 0.0.0.0 0.0.0.0

static (InternalWireless,internalMVL) interface 192.168.10.10 netmask 255.255.255.255 

static (InternalWireless,Embarq) interface 192.168.10.10 netmask 255.255.255.255 

static (InternalWireless,internalMVL) 192.168.37.75 192.168.10.11 netmask 255.255.255.255 

static (internalMVL,InternalWireless) 192.168.10.15 CribMaster netmask 255.255.255.255 

route Embarq 0.0.0.0 0.0.0.0 65.40.186.241 1

route internalMVL 192.168.37.0 255.255.255.0 192.168.37.81 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 159.168.123.58 255.255.255.255 management

http 0.0.0.0 0.0.0.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto isakmp enable internalMVL

crypto isakmp enable InternalWireless

crypto isakmp policy 5

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

crypto isakmp policy 10

 authentication pre-share

 encryption des

 hash sha

 group 2

 lifetime 86400

telnet 0.0.0.0 0.0.0.0 management

telnet 157.116.123.58 255.255.255.255 management

telnet 0.0.0.0 0.0.0.0 Embarq

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 management

ssh 157.116.123.58 255.255.255.255 management

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect rsh 

  inspect rtsp 

  inspect esmtp 

  inspect sqlnet 

  inspect skinny  

  inspect sunrpc 

  inspect xdmcp 

  inspect sip  

  inspect netbios 

  inspect tftp 

!

service-policy global_policy global

prompt hostname context 

Cryptochecksum:9e52208c2eefa1a8e1dad3a7bba8e090

: end
 

Result of the command: "show tech-support"
 

Cisco Adaptive Security Appliance Software Version 8.0(4) 

Device Manager Version 6.1(5)
 

Compiled on Thu 07-Aug-08 20:53 by builders

System image file is "disk0:/asa804-k8.bin"

Config file at boot was "startup-config"
 

ciscoasa up 40 days 0 hours
 

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

Slot 1: ATA Compact Flash, 512MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB
 

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00 

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Ext: GigabitEthernet0/0  : address is 001e.f762.c0a2, irq 9

 1: Ext: GigabitEthernet0/1  : address is 001e.f762.c0a3, irq 9

 2: Ext: GigabitEthernet0/2  : address is 001e.f762.c0a4, irq 9

 3: Ext: GigabitEthernet0/3  : address is 001e.f762.c0a5, irq 9

 4: Ext: Management0/0       : address is 001e.f762.c0a6, irq 11

 5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11

 6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
 

Licensed features for this platform:

Maximum Physical Interfaces  : Unlimited 

Maximum VLANs                : 150       

Inside Hosts                 : Unlimited 

Failover                     : Active/Active

VPN-DES                      : Enabled   

VPN-3DES-AES                 : Enabled   

Security Contexts            : 2         

GTP/GPRS                     : Disabled  

VPN Peers                    : 750       

WebVPN Peers                 : 2         

AnyConnect for Mobile        : Disabled  

AnyConnect for Linksys phone : Disabled  

Advanced Endpoint Assessment : Disabled  

UC Proxy Sessions            : 2         
 

This platform has an ASA 5520 VPN Plus license.
 

Serial Number: JMX1209L1VB

Running Activation Key: 0x42094e51 0x348bcd43 0x40527d80 0x99901ca8 0x830aad83 

Configuration register is 0x1

Configuration last modified by enable_15 at 15:14:17.849 CDT Tue May 12 2009
 

------------------ show clock ------------------
 

15:20:36.849 CDT Tue May 12 2009
 

------------------ show crashinfo ------------------
 

No crash file found.
 
 

------------------ show module ------------------
 
 

Mod Card Type                                    Model              Serial No. 

--- -------------------------------------------- ------------------ -----------

  0 ASA 5520 Adaptive Security Appliance         ASA5520            JMX1209L1VB

  1 ASA 5500 Series Content Security Services Mo ASA-SSM-CSC-10     JAF1204BGJK
 

Mod MAC Address Range                 Hw Version   Fw Version   Sw Version     

--- --------------------------------- ------------ ------------ ---------------

  0 001e.f762.c0a2 to 001e.f762.c0a6  2.0          1.0(11)2     8.0(4)

  1 001e.7a36.7877 to 001e.7a36.7877  1.0          1.0(11)2     CSC SSM 6.2.1599.0
 

Mod SSM Application Name           Status           SSM Application Version

--- ------------------------------ ---------------- --------------------------

  1 CSC SSM                        Up               6.2.1599.0
 

Mod Status             Data Plane Status     Compatibility

--- ------------------ --------------------- -------------

  0 Up Sys             Not Applicable         

  1 Up                 Up                     
 
 

------------------ show memory ------------------
 

Free memory:       297403160 bytes (56%)

Used memory:       232287336 bytes (44%)

-------------     ----------------

Total memory:      529690496 bytes (100%)
 

------------------ show memory dma ------------------
 

DMA memory:

   Unused memory:                 23628656 bytes (30%)

   Crypto reserved memory:        20471932 bytes (26%)

      Crypto free:                19292164 bytes (24%)

      Crypto used:                 1179768 bytes ( 1%)

   Block reserved memory:         34889696 bytes (44%)

      Block free:                 31106144 bytes (39%)

      Block used:                  3783552 bytes ( 5%)

   Used memory:                     250932 bytes ( 0%)

-----------------------------   ----------------

   Total memory:                  79241216 bytes (100%)
 
 

------------------ show conn count ------------------
 

32 in use, 67 most used
 

------------------ show xlate count ------------------
 

4 in use, 4 most used
 

------------------ show blocks ------------------
 

  SIZE    MAX    LOW    CNT

     0    700    698    700

     4    100     99     99

    80    952    947    952

   256    100     97    100

  1550   8849   7340   7581

  2048   2612   2338   2358

  2560    164    164    164

  4096    100     99    100

  8192    100    100    100

 16384    102    102    102

 65536     16     15     16
 

------------------ show blocks queue history detail ------------------
 

History buffer memory usage: 2136 bytes (default)
 

------------------ show interface ------------------
 

Interface GigabitEthernet0/0 "Embarq", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

	Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

	MAC address 001e.f762.c0a2, MTU 1500

	IP address 65.40.186.250, subnet mask 255.255.255.128

	198946 packets input, 21749026 bytes, 419 no buffer

	Received 181938 broadcasts, 0 runts, 0 giants

	3641 input errors, 0 CRC, 0 frame, 3641 overrun, 0 ignored, 0 abort

	673 L2 decode drops

	2164 packets output, 175019 bytes, 0 underruns

	0 output errors, 0 collisions, 2 interface resets

	0 late collisions, 0 deferred

	0 input reset drops, 0 output reset drops

	input queue (curr/max packets): hardware (0/26) software (0/0)

	output queue (curr/max packets): hardware (0/1) software (0/0)

  Traffic Statistics for "Embarq":

	198260 packets input, 18085770 bytes

	2163 packets output, 129293 bytes

	107166 packets dropped

      1 minute input rate 0 pkts/sec,  5 bytes/sec

      1 minute output rate 0 pkts/sec,  1 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  7 bytes/sec

      5 minute output rate 0 pkts/sec,  2 bytes/sec

      5 minute drop rate, 0 pkts/sec

  Control Point Interface States:

	Interface number is 2

	Interface config status is active

	Interface state is active

Interface GigabitEthernet0/1 "internalMVL", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

	Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

	MAC address 001e.f762.c0a3, MTU 1500

	IP address 192.168.37.44, subnet mask 255.255.252.0

	34747616 packets input, 3500601910 bytes, 1883 no buffer

	Received 34734625 broadcasts, 0 runts, 0 giants

	27360 input errors, 0 CRC, 0 frame, 27360 overrun, 0 ignored, 0 abort

	789 L2 decode drops

	5342 packets output, 412072 bytes, 0 underruns

	0 output errors, 0 collisions, 0 interface resets

	0 late collisions, 0 deferred

	0 input reset drops, 0 output reset drops

	input queue (curr/max packets): hardware (4/33) software (0/0)

	output queue (curr/max packets): hardware (0/4) software (0/0)

  Traffic Statistics for "internalMVL":

	34746371 packets input, 2748628437 bytes

	5341 packets output, 307400 bytes

	27223140 packets dropped

      1 minute input rate 16 pkts/sec,  1425 bytes/sec

      1 minute output rate 0 pkts/sec,  27 bytes/sec

      1 minute drop rate, 10 pkts/sec

      5 minute input rate 16 pkts/sec,  1533 bytes/sec

      5 minute output rate 0 pkts/sec,  36 bytes/sec

      5 minute drop rate, 10 pkts/sec

  Control Point Interface States:

	Interface number is 3

	Interface config status is active

	Interface state is active

Interface GigabitEthernet0/2 "InternalWireless", is up, line protocol is up

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

	Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

	MAC address 001e.f762.c0a4, MTU 1500

	IP address 192.168.10.1, subnet mask 255.255.255.0

	2102359 packets input, 182966918 bytes, 0 no buffer

	Received 2069303 broadcasts, 0 runts, 0 giants

	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

	153 L2 decode drops

	4673 packets output, 1761547 bytes, 0 underruns

	0 output errors, 0 collisions, 0 interface resets

	0 late collisions, 0 deferred

	0 input reset drops, 0 output reset drops

	input queue (curr/max packets): hardware (6/25) software (0/0)

	output queue (curr/max packets): hardware (0/25) software (0/0)

  Traffic Statistics for "InternalWireless":

	2101844 packets input, 144459041 bytes

	4673 packets output, 1646285 bytes

	1231299 packets dropped

      1 minute input rate 9 pkts/sec,  269 bytes/sec

      1 minute output rate 0 pkts/sec,  1 bytes/sec

      1 minute drop rate, 8 pkts/sec

      5 minute input rate 9 pkts/sec,  281 bytes/sec

      5 minute output rate 0 pkts/sec,  10 bytes/sec

      5 minute drop rate, 8 pkts/sec

  Control Point Interface States:

	Interface number is 4

	Interface config status is active

	Interface state is active

Interface GigabitEthernet0/3 "", is administratively down, line protocol is down

  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

	Auto-Duplex, Auto-Speed

	Available but not configured via nameif

	MAC address 001e.f762.c0a5, MTU not set

	IP address unassigned

	0 packets input, 0 bytes, 0 no buffer

	Received 0 broadcasts, 0 runts, 0 giants

	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

	0 L2 decode drops

	0 packets output, 0 bytes, 0 underruns

	0 output errors, 0 collisions, 0 interface resets

	0 late collisions, 0 deferred

	0 input reset drops, 0 output reset drops

	input queue (curr/max packets): hardware (0/0) software (0/0)

	output queue (curr/max packets): hardware (0/0) software (0/0)

  Control Point Interface States:

	Interface number is 5

	Interface config status is not active

	Interface state is not active

Interface Internal-Control0/0 "cplane", is up, line protocol is up

  Hardware is i82557, BW 100 Mbps, DLY 100 usec

	(Full-duplex), (100 Mbps)

	MAC address 0000.0001.0001, MTU 1500

	IP address 127.0.1.1, subnet mask 255.255.0.0

	1747799 packets input, 157040756 bytes, 0 no buffer

	Received 0 broadcasts, 0 runts, 0 giants

	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

	0 L2 decode drops

	5191114 packets output, 377950554 bytes, 0 underruns

	0 output errors, 0 collisions, 0 interface resets

	0 babbles, 0 late collisions, 0 deferred

	0 lost carrier, 0 no carrier

	input queue (curr/max packets): hardware (0/1) software (0/2)

	output queue (curr/max packets): hardware (0/2) software (0/1)

  Traffic Statistics for "cplane":

	0 packets input, 0 bytes

	0 packets output, 0 bytes

	0 packets dropped

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

  Control Point Interface States:

	Interface number is 8

	Interface config status is active

	Interface state is active

Interface Internal-Data0/0 "", is up, line protocol is up

  Hardware is i82547GI rev00, BW 1000 Mbps, DLY 10 usec

	(Full-duplex), (1000 Mbps)

	MAC address 0000.0001.0002, MTU not set

	IP address unassigned

	12888980 packets input, 824894656 bytes, 0 no buffer

	Received 0 broadcasts, 0 runts, 0 giants

	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

	0 L2 decode drops

	12888982 packets output, 824894848 bytes, 0 underruns

	0 output errors, 0 collisions, 0 interface resets

	0 late collisions, 0 deferred

	0 input reset drops, 0 output reset drops

	input queue (curr/max packets): hardware (1/2) software (0/0)

	output queue (curr/max packets): hardware (0/1) software (0/0)

  Control Point Interface States:

	Interface number is 7

	Interface config status is active

	Interface state is active

Interface Management0/0 "management", is up, line protocol is up

  Hardware is i82557, BW 100 Mbps, DLY 100 usec

	Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

	MAC address 001e.f762.c0a6, MTU 1500

	IP address 157.116.123.70, subnet mask 255.255.255.0

	35701095 packets input, 3479796981 bytes, 0 no buffer

	Received 35527670 broadcasts, 0 runts, 0 giants

	7855 input errors, 0 CRC, 0 frame, 7855 overrun, 0 ignored, 0 abort

	0 L2 decode drops

	230798 packets output, 119155490 bytes, 0 underruns

	0 output errors, 0 collisions, 0 interface resets

	0 babbles, 0 late collisions, 0 deferred

	0 lost carrier, 0 no carrier

	input queue (curr/max packets): hardware (0/1) software (0/188)

	output queue (curr/max packets): hardware (0/19) software (0/4)

  Traffic Statistics for "management":

	35700378 packets input, 2849679231 bytes

	230880 packets output, 114887376 bytes

	27871359 packets dropped

      1 minute input rate 18 pkts/sec,  1506 bytes/sec

      1 minute output rate 2 pkts/sec,  1045 bytes/sec

      1 minute drop rate, 12 pkts/sec

      5 minute input rate 18 pkts/sec,  1614 bytes/sec

      5 minute output rate 2 pkts/sec,  1010 bytes/sec

      5 minute drop rate, 13 pkts/sec

	Management-only interface. Blocked 3541 through-the-device packets

		3520 IPv4 packets originated from management network

		21 IPv4 packets destined to management network

		0 IPv6 packets originated from management network

		0 IPv6 packets destined to management network

  Control Point Interface States:

	Interface number is 6

	Interface config status is active

	Interface state is active

Interface Virtual254 "", is up, line protocol is up

  Hardware is Virtual	Available but not configured via nameif

	MAC address 0000.0000.0000, MTU not set

	IP address unassigned

  Control Point Interface States:

	Interface number is 9

	Interface config status is active

	Interface state is active
 

------------------ show cpu usage ------------------
 

CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%
 

------------------ show cpu hogging process ------------------
 
 

Process:      ci/console, NUMHOG: 1, MAXHOG: 28, LASTHOG: 28

LASTHOG At:   14:27:57 CDT Apr 2 2009

PC:           8186d8b (suspend)

Traceback:    87b7b75  917111d  80bce35  80b1ddb  80b2971  805e983
 

Process:      Unicorn Admin Thread, PROC_PC_TOTAL: 3, MAXHOG: 13, LASTHOG: 13

LASTHOG At:   14:28:36 CDT Apr 2 2009

PC:           8b39b0c (suspend)
 

Process:      Unicorn Admin Thread, NUMHOG: 3, MAXHOG: 13, LASTHOG: 13

LASTHOG At:   14:28:36 CDT Apr 2 2009

PC:           8b39b0c (suspend)

Traceback:    8b39b0c  8b4e628  8b4f761  8c26c2d  8c24c02  8c17e75  8c18b82

              8c1db8a  8c1dd97  8c1ab5f  8c1c098  8c1ad52  8c1c868  8c1aea1
 

Process:      Unicorn Admin Thread, PROC_PC_TOTAL: 1, MAXHOG: 8, LASTHOG: 8

LASTHOG At:   14:28:36 CDT Apr 2 2009

PC:           8b5480d (suspend)
 

Process:      Unicorn Admin Thread, NUMHOG: 1, MAXHOG: 8, LASTHOG: 8

LASTHOG At:   14:28:36 CDT Apr 2 2009

PC:           8b5480d (suspend)

Traceback:    8b5480d  8b3a17a  8b3ba76  8b3bb25  94daa45
 

Process:      ci/console, PROC_PC_TOTAL: 8, MAXHOG: 49, LASTHOG: 4

LASTHOG At:   14:28:40 CDT Apr 2 2009

PC:           835bdcb (suspend)
 

Process:      Unicorn Admin Handler, NUMHOG: 2, MAXHOG: 4, LASTHOG: 4

LASTHOG At:   14:28:40 CDT Apr 2 2009

PC:           835bdcb (suspend)

Traceback:    841691e  835b8b4  8356d99  8061b3a  87dd3c7  8061b3a  83d4e2e

              83cd3af  83cd78a  83cdaad  83d2b6d  805e983
 

Process:      ARP Thread, PROC_PC_TOTAL: 1, MAXHOG: 2, LASTHOG: 2

LASTHOG At:   14:30:16 CDT Apr 2 2009

PC:           84c442e (suspend)
 

Process:      ci/console, PROC_PC_TOTAL: 2, MAXHOG: 213, LASTHOG: 213

LASTHOG At:   14:34:59 CDT Apr 2 2009

PC:           87c0785 (suspend)
 

Process:      Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 213, LASTHOG: 213

LASTHOG At:   14:34:59 CDT Apr 2 2009

PC:           87c0785 (suspend)

Traceback:    87c0785  87c0cbc  87c26c3  80b0ce0  83d3eb1  83cd0e8  83cd78a

              83cdaad  83d2b6d  805e983
 

Process:      telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   14:43:19 CDT Apr 9 2009

PC:           835eab8 (suspend)
 

Process:      telnet/ci, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   14:43:19 CDT Apr 9 2009

PC:           835eab8 (suspend)

Traceback:    835eab8  835a146  835a343  8054637  88bec25  87f0622  87c1756

              87c26c3  80b0ce0  80b1f3e  80b28c0  805e983
 

Process:      Unicorn Admin Handler, PROC_PC_TOTAL: 1, MAXHOG: 32, LASTHOG: 32

LASTHOG At:   10:27:31 CDT Apr 13 2009

PC:           8356ddf (suspend)
 

Process:      Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 32, LASTHOG: 32

LASTHOG At:   10:27:31 CDT Apr 13 2009

PC:           8356ddf (suspend)

Traceback:    8356ddf  9170b86  8419838  841e35f  83d19c1  83cc548  83cdc90

              83d2b6d  805e983
 

Process:      ssh_init, PROC_PC_TOTAL: 1, MAXHOG: 4, LASTHOG: 4

LASTHOG At:   10:07:43 CDT Apr 16 2009

PC:           89006e1 (suspend)
 

Process:      ssh_init, NUMHOG: 1, MAXHOG: 4, LASTHOG: 4

LASTHOG At:   10:07:43 CDT Apr 16 2009

PC:           89006e1 (suspend)

Traceback:    89006e1  9119bb4  91171c0  910946f  91092c1  91122fd  912da97

              911a940  9108606  90fa31c  90fecbb  8acca5e  8ac8e6d  8acbb43
 

Process:      telnet/ci, PROC_PC_TOTAL: 2, MAXHOG: 69, LASTHOG: 69

LASTHOG At:   14:36:35 CDT Apr 16 2009

PC:           8b15a8b (suspend)
 

Process:      telnet/ci, NUMHOG: 2, MAXHOG: 69, LASTHOG: 69

LASTHOG At:   14:36:35 CDT Apr 16 2009

PC:           8b15a8b (suspend)

Traceback:    8b162ee  8b20771  87b7b75  917111d  80bce35  80b1ddb  80b28c0

              805e983
 

Process:      update_cpu_usage, PROC_PC_TOTAL: 2, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   14:37:53 CDT Apr 16 2009

PC:           882c89c (suspend)
 

Process:      ARP Thread, NUMHOG: 3, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   14:37:53 CDT Apr 16 2009

PC:           84c442e (suspend)

Traceback:    805e983
 

Process:      ci/console, PROC_PC_TOTAL: 5, MAXHOG: 31, LASTHOG: 31

LASTHOG At:   14:44:22 CDT Apr 16 2009

PC:           87b8305 (suspend)
 

Process:      telnet/ci, NUMHOG: 3, MAXHOG: 31, LASTHOG: 31

LASTHOG At:   14:44:22 CDT Apr 16 2009

PC:           87b8305 (suspend)

Traceback:    87b8305  9181e56  841a1db  841a55b  8419996  841e35f  842837a

              887082a  887090d  87c1756  87c26c3  80b0ce0  80b1f3e  80b28c0
 

Process:      Checkheaps, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   14:44:24 CDT Apr 16 2009

PC:           91693af (suspend)
 

Process:      Checkheaps, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   14:44:24 CDT Apr 16 2009

PC:           91693af (suspend)

Traceback:    91693af  91846e6  805e983
 

Process:      Unicorn Admin Handler, PROC_PC_TOTAL: 6, MAXHOG: 143, LASTHOG: 28

LASTHOG At:   10:04:23 CDT Apr 22 2009

PC:           80b3b5a (suspend)
 

Process:      Unicorn Admin Handler, NUMHOG: 6, MAXHOG: 143, LASTHOG: 28

LASTHOG At:   10:04:23 CDT Apr 22 2009

PC:           80b3b5a (suspend)

Traceback:    80b3b5a  dd58e39d  dd58f09e  dd58cca1  dd58daa5  dd58674c  dd586bc5

              80b4a55  83d484d  83cc594  83cdc90  83d2b6d  805e983
 

Process:      Dispatch Unit, PROC_PC_TOTAL: 219, MAXHOG: 21, LASTHOG: 21

LASTHOG At:   12:27:59 CDT Apr 22 2009

PC:           8172a27 (suspend)
 

Process:      Dispatch Unit, NUMHOG: 11, MAXHOG: 21, LASTHOG: 21

LASTHOG At:   12:27:59 CDT Apr 22 2009

PC:           8172a27 (suspend)

Traceback:    8172a27  805e983
 

Process:      NIC status poll, PROC_PC_TOTAL: 2, MAXHOG: 18, LASTHOG: 18

LASTHOG At:   09:17:31 CDT May 7 2009

PC:           8827f9e (suspend)
 

Process:      NIC status poll, NUMHOG: 2, MAXHOG: 18, LASTHOG: 18

LASTHOG At:   09:17:31 CDT May 7 2009

PC:           8827f9e (suspend)

Traceback:    8827f9e  805e983
 

CPU hog threshold (msec):  2.844

Last cleared: None
 

------------------ show process ------------------
 
 

    PC       SP       STATE       Runtime    SBASE     Stack Process

Lwe 08051bac c750c32c 09b7aeb4          0 c750a418 7920/8192 block_diag

Mrd 081727e4 c753cccc 09b7a7fc     976999 c751ce58 125548/131072 Dispatch Unit

Mwe 0835e1f5 c7541e7c 09b7a5ec          0 c7540088 7496/8192 CF OIR

Mwe 08963190 c7544094 09aac950          0 c75421b0 7872/8192 lina_int

Mwe 08064bc5 c75b35ec 09b7a5ec          0 c75b1748 7672/8192 Reload Control Thread

Mwe 08069626 c75be504 09b7c718          0 c75ba950 15248/16384 aaa

Mwe 08a8717b c75c07fc c897b9e8         19 c75bea78 7000/8192 Boot Message Proxy Process

Mwe 08092416 c75c531c 09b7c774      81034 c75c1428 8952/16384 CMGR Server Process

Mwe 08092925 c75c73e4 09b7a5ec      15028 c75c5550 7696/8192 CMGR Timer Process

Mwe 087dabef cb769324 09b7a5ec        995 cb762590 23396/32768 Unicorn Admin Handler

Lwe 08171342 c75d1a1c 09b877a4          0 c75cfb18 7376/8192 dbgtrace

Msi 083e650c c75da00c 09b7a5ec       4460 c75d80f8 7808/8192 557mcfix

Msi 083e632e c75dc134 09b7a5ec          1 c75da220 7776/8192 557statspoll

Mwe 087db649 c8e1a7f4 c8a08a8c        287 c8e13c30 25832/32768 Unicorn Admin Handler

Mwe 08b5480d c7808b9c 09b7a5ec          1 c75f9b08 7136/8192 netfs_thread_init

Mwe 09144be5 c7607f4c 09b7a5ec          0 c76060c8 7640/8192 Chunk Manager

Msi 087fabee c761332c 09b7a5ec      11065 c7611438 7696/8192 PIX Garbage Collector

Mwe 087ee244 c762018c 09a9dcac          0 c761e288 7904/8192 IP Address Assign

Mwe 089adaf6 c77b2fd4 09adf078          0 c77b10d0 7904/8192 QoS Support Module

Mwe 0886b62f c77b5134 09a9ed50          0 c77b3230 7904/8192 Client Update Task

Lwe 091845b8 c77b79ac 09b7a5ec      55708 c77b5b18 7696/8192 Checkheaps

Mwe 089b0d45 c77bdbdc 09b7a5ec          0 c77bbf78 6624/8192 Quack process

Mwe 08a04632 c77c1f14 09b7a5ec        996 c77be0a0 15504/16384 Session Manager

Mwe 08b03785 c77ccd4c c8360530          6 c77c92f8 14296/16384 uauth

Mwe 08aa5795 c77cf324 09aebdc0          0 c77cd420 7376/8192 Uauth_Proxy

Mwe 08983279 cb76c4fc 09c92110          7 cb76a638 7760/8192 qos_metric_daemon

Msp 08adc06c c77d70bc 09b7a5ec        582 c77d51a8 7552/8192 SSL

Mwe 08b01be6 c77d91a4 09af18c4          0 c77d72d0 7240/8192 SMTP

Mwe 08af6f79 c77db16c 09af1848       1681 c77d93f8 5992/8192 Logger

Mwe 08af359e c77dd3b4 09b7a5ec          0 c77db520 7344/8192 Thread Logger

Mwe 08cd1c42 c77ebc1c 09b242e8          0 c77e9d38 7040/8192 vpnlb_thread

Mwe 0823344d c77f25c4 09b7a5ec          0 c77f0740 7640/8192 TLS Proxy Inspector

Msi 08a1d073 c787ac1c 09b7a5ec       8935 c7878d18 7792/8192 emweb/cifs_timer

Mwe 0860ca27 c78bd6a4 09a948ac          0 c78bb7b0 7520/8192 netfs_mount_handler

Msi 084c2788 c75cb674 09b7a5ec      30301 c75c97a0 7040/8192 arp_timer

Mwe 084cbc7c c75d7e84 09b9af68          0 c75d5fd0 7824/8192 arp_forward_thread

Mwe 0852fb65 c75de1fc 09b9fd60          2 c75dc378 7808/8192 Lic TMR

Msi 08b06cd1 c7605e94 09b7a5ec     149356 c7603fa0 7280/8192 tcp_fast

Msi 08b09e31 c7b4088c 09b7a5ec      47146 c7b3e9a8 7760/8192 tcp_slow

Mwe 08b33bf9 c7b4e57c 09af9a48          0 c7b4c688 7776/8192 udp_timer

Mwe 080e6cb8 c75fdb6c 09b7a5ec          0 c75fbcd8 7760/8192 CTCP Timer process

Mwe 08c82503 c75ffc74 09b7a5ec          0 c75fde00 7728/8192 L2TP data daemon

Mwe 08c832d3 c80c3b3c 09b7a5ec          0 c80c1cb8 7744/8192 L2TP mgmt daemon

Mwe 08c6f3db c80fbc74 09b1e224       2589 c80f7dc0 16048/16384 ppp_timer_thread

Msi 08cd20a7 c80fdcbc 09b7a5ec      12736 c80fbde8 7744/8192 vpnlb_timer_thread

Mwe 080fc9d7 c75cd76c c7601948          1 c75cb8c8 7592/8192 IPsec message handler

Msi 0810ecfc c77d140c 09b7a5ec     229489 c77cf548 6328/8192 CTM message handler

Mwe 088c5a1a c75cf864 09b7a5ec          1 c75cd9f0 7544/8192 NAT security-level reconfiguration

Mwe 089daea8 c82e57f4 09b7a5ec          0 c82e3950 7776/8192 ICMP event handler

Mwe 087550b3 c82e996c 09b7a5ec       2228 c82e5ac8 14888/16384 IP Background

Mwe 08169957 c83513dc 09a726f4         63 c8331518 121084/131072 tmatch compile thread

Mwe 088f1a05 c8427b1c 09b7a5ec          0 c8423c68 15880/16384 Crypto PKI RECV

Mwe 088f44fa c842bc24 09b7a5ec          0 c8427d90 15848/16384 Crypto CA

Lsi 0880aad8 c8463584 09b7a5ec        143 c8461670 7808/8192 uauth_urlb clean

Lwe 087f3f2f c86738f4 09b7a5ec      76556 c8671a80 4228/8192 pm_timer_thread

Mwe 084556c5 c8675e5c 09b7a5ec         12 c8673fc8 7696/8192 IKE Timekeeper

Mwe 084492eb c867b314 09a8fcb4          8 c8677740 14536/16384 IKE Daemon

Mwe 08ab90da c867ef34 09af04d4          0 c867d050 7872/8192 RADIUS Proxy Event Daemon

Mwe 08a8717b c8680ecc c77d26a8         18 c867f128 7032/8192 RADIUS Proxy Listener

Mwe 08ab7cd7 c8683094 09b7a5ec          0 c8681200 7760/8192 RADIUS Proxy Time Keeper

Mwe 084b3a3c c8685e44 09b9aee8          0 c8684010 7008/8192 Integrity FW Task

Mwe 08186d8b c86c9c7c 096595dc       9769 c86aa478 119044/131072 ci/console

Msi 0838bd78 c86cc464 09b7a5ec       3688 c86ca5a0 6392/8192 fover_thread

Mwe 08c572b5 c86ce55c 09d20850        503 c86cc6c8 7504/8192 lu_ctl

Msi 0882c89c c86d04f4 09b7a5ec      95479 c86ce7f0 6088/8192 update_cpu_usage

Msi 08827d31 c86da8ac 09b7a5ec     291833 c86d8a78 5944/8192 NIC status poll

Mwe 08381bcc c77e1514 09b8e700          0 c77df770 7552/8192 fover_rx

Mwe 0837e400 c77edd14 09b8f094          0 c77ebe60 7824/8192 fover_tx

Mwe 0837d50b c77b9c0c 09b9b5c8          0 c77b7d28 7848/8192 fover_ip

Mwe 08391b41 c86f2afc 09b8f0a8          0 c86eee18 15552/16384 fover_rep

Mwe 0838a51d c86fa9f4 09b8f0b0       6647 c86f2e40 31652/32768 fover_parse

Mwe 0836ccab c86fccec 09b8e1d8       3074 c86fae68 7760/8192 fover_ifc_test

Mwe 08370b85 c86fed24 09b7a5ec          0 c86fce90 7760/8192 fover_health_monitoring_thread

Mwe 083a3f10 c8702f74 09b7a5ec          0 c87010e0 7760/8192 ha_trans_ctl_tx

Mwe 083a3f10 c8715fc4 09b7a5ec          0 c8714130 7760/8192 ha_trans_data_tx

Mwe 0839b517 c8717ffc 09b7a5ec          0 c8716158 7520/8192 fover_FSM_thread

Mwe 08c56cdb c871aad4 09b9b028          0 c8718bd0 7832/8192 lu_rx

Lwe 08c56c0c c871cb0c 09d20700          0 c871abf8 7920/8192 lu_dynamic_sync

Mwe 084bdd86 c873c43c 09b9b634     109765 c8738568 15196/16384 IP Thread

Mwe 084c442e c873e534 09b9afe8    1072556 c873c640 4044/8192 ARP Thread

Mwe 083ebe80 c87405bc 09b9b620         34 c873e768 4584/8192 icmp_thread

Mwe 08b34b16 c8742724 09b7a5ec        186 c8740890 7656/8192 udp_thread

Mwe 08b0c06e c874470c 09b9b63c      28172 c87429b8 6272/8192 tcp_thread

Mwe 08a4e793 c87469d4 09ae3900          1 c8744ae0 7176/8192 SNMP Notify Thread

Mwe 080d7543 c8748bd4 09a6f11c     102695 c8746cf0 7580/8192 cppoll

Mwe 08b0ece5 c874aa7c c86db970          0 c8748d18 6904/8192 CP Server Process

Mwe 09197050 c874cb84 09b79ecc          0 c874ad40 7324/8192 rpc_server

Mwe 08b5480d c87c9acc 09b7a5ec         81 c874d518 24816/32768 rtcli async executor process

Mwe 08b074ee c897d83c c86db618      14932 c897ba18 6576/8192 CP Client Process

Mwe 08b15643 c892ee0c 09b7a5ec          0 c892cf78 7048/8192 npshim_thread

Mwe 08a8717b c8a6519c c8a32c30         18 c8a633e8 7368/8192 EAPoUDP-sock

Mwe 081acd75 c8a66f74 09b7a5ec          0 c8a65410 6840/8192 EAPoUDP

Mwe 0857fcb5 cb70a704 09b7a5ec       1006 cb708870 4204/8192 MFIB

Mwe 0857fcb5 cb7185f4 09b7a5ec        623 cb7167b0 4516/8192 PIM IPv4

Mwe 0857fcb5 cb7dc6e4 09b7a5ec        117 cb7da870 3692/8192 IGMP IPv4

Mwe 0818f651 c8b4b7a4 09b7a5ec        134 c8b49900 7712/8192 DHCPD Timer

Mwe 08cb260d c8cdc2c4 09b24008          0 c8cd43d0 32464/32768 vpnfol_thread_msg

Msi 08cb85b2 c8cde2dc 09b7a5ec       5982 c8cdc3f8 7760/8192 vpnfol_thread_timer

Mwe 08cb6ab2 c8ce02b4 09b24180          0 c8cde420 7792/8192 vpnfol_thread_sync

Msi 08cb813c c8ce233c 09b7a5ec      27613 c8ce0448 7776/8192 vpnfol_thread_unsent

Mwe 084afd88 c77efe1c 09b7a5ec          0 c77edf88 7760/8192 Integrity Fw Timer Thread

Msi 0860cafc c75d5c4c 09b7a5ec        560 c75d3d68 7752/8192 netfs_vnode_reclaim

Mwe 0857fcb5 c8db0bb4 09b7a5ec          0 c8daed20 7336/8192 MRIB Process

Mwe 08b5480d c89e14cc 09b7a5ec        265 c885ae90 4796/8192 Unicorn Admin Thread

Mwe 081911be c8a7ae2c 09b7a5ec          1 c8a78fe8 2076/8192 dhcp_daemon

Mwe 08b16758 c8b43784 c8a626e0          0 c8b41ad0 6760/8192 listen/telnet

Mwe 08b16758 c7517644 c8a4f290          0 c7515990 6760/8192 listen/ssh

M*  087b8305 c206c91c 09b7a7fc        223 cb86b7e8 19844/32768 Unicorn Admin Handler

Mwe 08a8717b cb811b2c cb7eb688          0 cb80fd88 7352/8192 IKE Receiver

Mwe 08acd4fb c89dbfec 09b7a5ec          4 c89da158 6272/8192 ssh/timer

 -     -        -         -    3456346440    -         -     scheduler

 -     -        -         -    3459938276    -         -     total elapsed
 

------------------ show kernel process ------------------
 
 

PID PPID PRI NI      VSIZE      RSS      WCHAN STAT  RUNTIME COMMAND
 

  1    0  20  0    1556480      504 3725684979    S       80 init
 

  2    1  34 19          0        0 3725694381    S        0 ksoftirqd/0
 

  3    1  10 -5          0        0 3725736671    S        0 events/0
 

  4    1  11 -5          0        0 3725736671    S        0 khelper
 

  5    1  20 -5          0        0 3725736671    S        0 kthread
 

  7    5  10 -5          0        0 3725736671    S        0 kblockd/0
 

  8    5  20 -5          0        0 3726735694    S        0 kseriod
 

 63    5  20  0          0        0 3725811768    S        0 pdflush
 

 64    5  15  0          0        0 3725811768    S        0 pdflush
 

 65    1  25  0          0        0 3725824451    S        0 kswapd0
 

 66    5  20 -5          0        0 3725736671    S        0 aio/0
 

178    1  17  0    1556480      112 3725684979    S        0 init
 

179  178  23  0    1556480      508 3725684979    S        0 rcS
 

186    1  21 -4    1511424      500          0    S       12 udevd
 

304    1  23 -2          0        0 3725683158    Z        0 modprobe
 

311    1  23 -2          0        0 3725683158    Z        0 modprobe
 

314    1  23 -2          0        0 3725683158    Z        0 modprobe
 

338    1  23 -2          0        0 3725683158    Z        0 modprobe
 

341    1  23 -2          0        0 3725683158    Z        0 modprobe
 

317    1  23 -2          0        0 3725683158    Z        0 modprobe
 

352    1  23 -2          0        0 3725683158    Z        0 modprobe
 

371  179  23  0    1548288      472 3725684979    S        0 S99asa
 

372  371  24  0    1548288      468 3725684979    S        0 rcS
 

395  372  25  0    1351680      344 3725712932    S        0 lina_monitor
 

396  395  15  0  487874560   378988 3725716348    S       87 lina
 

397  396  16  0  487874560   378988          0    S        1 lina
 

398  397  15  0  487874560   378988          0    S        0 lina
 

399  397  16  0  487874560   378988 3725716348    S       22 lina
 

400  397  25  0  487874560   378988          0    R 345978386 lina
 

------------------ show failover ------------------
 

Failover Off 

Failover unit Secondary

Failover LAN Interface: not Configured

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 4 of 250 maximum
 

------------------ show failover history ------------------
 

==========================================================================

From State                 To State                   Reason

==========================================================================

14:24:56 CDT Apr 2 2009

Not Detected               Disabled                   No Error
 

==========================================================================
 

------------------ show traffic ------------------
 

management:

	received (in 3459312.480 secs):

		35700378 packets	2849679231 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459312.480 secs):

		230880 packets	114887376 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 18 pkts/sec,  1506 bytes/sec

      1 minute output rate 2 pkts/sec,  1045 bytes/sec

      1 minute drop rate, 12 pkts/sec

      5 minute input rate 18 pkts/sec,  1614 bytes/sec

      5 minute output rate 2 pkts/sec,  1010 bytes/sec

      5 minute drop rate, 13 pkts/sec

internalMVL:

	received (in 3459312.490 secs):

		34746371 packets	2748628437 bytes

		0 pkts/sec	1 bytes/sec

	transmitted (in 3459312.490 secs):

		5341 packets	307400 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 16 pkts/sec,  1425 bytes/sec

      1 minute output rate 0 pkts/sec,  27 bytes/sec

      1 minute drop rate, 10 pkts/sec

      5 minute input rate 16 pkts/sec,  1533 bytes/sec

      5 minute output rate 0 pkts/sec,  36 bytes/sec

      5 minute drop rate, 10 pkts/sec

InternalWireless:

	received (in 3459312.480 secs):

		2101844 packets	144459041 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459312.480 secs):

		4673 packets	1646285 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 9 pkts/sec,  269 bytes/sec

      1 minute output rate 0 pkts/sec,  1 bytes/sec

      1 minute drop rate, 8 pkts/sec

      5 minute input rate 9 pkts/sec,  281 bytes/sec

      5 minute output rate 0 pkts/sec,  10 bytes/sec

      5 minute drop rate, 8 pkts/sec

Embarq:

	received (in 3459312.490 secs):

		198260 packets	18085770 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459312.490 secs):

		2163 packets	129293 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 0 pkts/sec,  5 bytes/sec

      1 minute output rate 0 pkts/sec,  1 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  7 bytes/sec

      5 minute output rate 0 pkts/sec,  2 bytes/sec

      5 minute drop rate, 0 pkts/sec
 

----------------------------------------

Aggregated Traffic on Physical Interface

----------------------------------------

GigabitEthernet0/0:

	received (in 3459365.250 secs):

		198946 packets	21749026 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459365.250 secs):

		2164 packets	175019 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 0 pkts/sec,  6 bytes/sec

      1 minute output rate 0 pkts/sec,  2 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  8 bytes/sec

      5 minute output rate 0 pkts/sec,  3 bytes/sec

      5 minute drop rate, 0 pkts/sec

GigabitEthernet0/1:

	received (in 3459365.250 secs):

		34747616 packets	3500601910 bytes

		0 pkts/sec	1000 bytes/sec

	transmitted (in 3459365.250 secs):

		5342 packets	412072 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 16 pkts/sec,  1780 bytes/sec

      1 minute output rate 0 pkts/sec,  37 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 16 pkts/sec,  1898 bytes/sec

      5 minute output rate 0 pkts/sec,  50 bytes/sec

      5 minute drop rate, 0 pkts/sec

GigabitEthernet0/2:

	received (in 3459365.250 secs):

		2102359 packets	182966918 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459365.250 secs):

		4673 packets	1761547 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 9 pkts/sec,  601 bytes/sec

      1 minute output rate 0 pkts/sec,  2 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 9 pkts/sec,  615 bytes/sec

      5 minute output rate 0 pkts/sec,  14 bytes/sec

      5 minute drop rate, 0 pkts/sec

GigabitEthernet0/3:

	received (in 3459365.250 secs):

		0 packets	0 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459365.250 secs):

		0 packets	0 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 0 pkts/sec,  0 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  0 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Control0/0:

	received (in 3459365.250 secs):

		1747799 packets	157040756 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459365.250 secs):

		5191114 packets	377950554 bytes

		0 pkts/sec	1 bytes/sec

      1 minute input rate 0 pkts/sec,  45 bytes/sec

      1 minute output rate 1 pkts/sec,  109 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  45 bytes/sec

      5 minute output rate 1 pkts/sec,  109 bytes/sec

      5 minute drop rate, 0 pkts/sec

Internal-Data0/0:

	received (in 3459365.250 secs):

		12888980 packets	824894656 bytes

		0 pkts/sec	0 bytes/sec

	transmitted (in 3459365.250 secs):

		12888982 packets	824894848 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 3 pkts/sec,  238 bytes/sec

      1 minute output rate 3 pkts/sec,  238 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 3 pkts/sec,  238 bytes/sec

      5 minute output rate 3 pkts/sec,  238 bytes/sec

      5 minute drop rate, 0 pkts/sec

Management0/0:

	received (in 3459365.250 secs):

		35701095 packets	3479796981 bytes

		0 pkts/sec	1000 bytes/sec

	transmitted (in 3459365.250 secs):

		230798 packets	119155490 bytes

		0 pkts/sec	0 bytes/sec

      1 minute input rate 17 pkts/sec,  1832 bytes/sec

      1 minute output rate 2 pkts/sec,  1080 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 18 pkts/sec,  1945 bytes/sec

      5 minute output rate 2 pkts/sec,  1044 bytes/sec

      5 minute drop rate, 0 pkts/sec
 

------------------ show perfmon ------------------
 
 

PERFMON STATS:                     Current      Average

Xlates                                0/s          0/s

Connections                           0/s          0/s

TCP Conns                             0/s          0/s

UDP Conns                             0/s          0/s

URL Access                            0/s          0/s

URL Server Req                        0/s          0/s

TCP Fixup                             0/s          0/s

TCP Intercept Established Conns       0/s          0/s

TCP Intercept Attempts                0/s          0/s

TCP Embryonic Conns Timeout           0/s          0/s

HTTP Fixup                            0/s          0/s

FTP Fixup                             0/s          0/s

AAA Authen                            0/s          0/s

AAA Author                            0/s          0/s

AAA Account                           0/s          0/s
 

VALID CONNS RATE in TCP INTERCEPT:    Current      Average

                                       N/A         96.00%
 

------------------ show counters ------------------
 

Protocol     Counter                             Value   Context

IP           IN_PKTS                          17935085   Summary

IP           OUT_PKTS                          3517055   Summary

IP           IN_DROP_UNK                        820984   Summary

IP           IN_DROP_NFU                             4   Summary

IP           TO_ARP                           15320664   Summary

IP           TO_UDP                              44554   Summary

IP           TO_ICMP                               723   Summary

IP           TO_TCP                            1747966   Summary

TCP          IN_PKTS                           1747966   Summary

TCP          OUT_PKTS                          5195723   Summary

TCP          RCV_GOOD                          1735914   Summary

TCP          DROP_NRST                               9   Summary

TCP          DROP_IGNORE4                      3471828   Summary

TCP          HASH_ADD                                1   Summary

TCP          HASH_MISS                               9   Summary

TCP          SND_SYN                                 1   Summary

TCP          SND_ACK                           1729999   Summary

TCP          RCV_ACK                             12042   Summary

UDP          IN_PKTS                             44554   Summary

UDP          OUT_PKTS                            44561   Summary

UDP          DROP_NO_APP                             3   Summary

ICMP         IN_PKTS                               723   Summary

ICMP         OUT_PKTS                              719   Summary

SSLERR       BAD_PROTOCOL_VERSION_NUMBER             8   Summary

SSLERR       BAD_SIGNATURE                           3   Summary

SSLALERT     RX_CLOSE_NOTIFY                        28   Summary

SSLALERT     RX_WARNING_ALERT                       28   Summary

SSLALERT     TX_CLOSE_NOTIFY                      1159   Summary

SSLALERT     TX_WARNING_ALERT                     1159   Summary

SSLDEV       NEW_CTX                                 2   Summary

SSLNP        OPEN_CONN                               3   Summary

SSLNP        HANDSHAKE_START                      1227   Summary

SSLNP        HANDSHAKE_DONE                       1227   Summary

SSLNP        DOWNSTREAM_CLOSE                     4794   Summary

SSLNP        DOWNSTREAM_CLOSE_NEXT                1229   Summary

SSLNP        UPSTREAM_CLOSE                       1230   Summary

SSLNP        UPSTREAM_CLOSE_NEXT                  1229   Summary

SSLNP        FREE_CONN                            1229   Summary

SSLNP        NEW_CONN_SERVER                      1230   Summary

SSLNP        EXTRACT_VIA_DUPB                      462   Summary

SSLNP        IN_PKTS_RX                          10536   Summary

SSLNP        IN_PKTS_TX                           1759   Summary

SSLNP        OUT_PKTS_RX                        109409   Summary

SSLNP        OUT_PKTS_TX                        111866   Summary

SSLNP        SESSIONS_CLEARED                       69   Summary

NPSHIM       GET_REQUEST                            16   Summary

NPSHIM       GET_NONE                                8   Summary

NPSHIM       GET_RECV                                8   Summary

NPSHIM       READ_CTX_CLOSED                         5   Summary

NPSHIM       READ_NOBLOCK_NO_BUF                     9   Summary

NPSHIM       READ_RECV                            2947   Summary

NPSHIM       READ_EOF                                2   Summary

NPSHIM       SLCT_REQUEST                           19   Summary

NPSHIM       SLCT_EVENT                             17   Summary

NPSHIM       CTX_ALLOC                          404119   Summary

NPSHIM       CTX_FREE                           404111   Summary

NPSHIM       CLOSE_LISTEN                            3   Summary

NPSHIM       IOCTL_TCPFIP_FAIL                       7   Summary
 

------------------ show mode ------------------
 

Security context mode: single 
 

------------------ show history ------------------
 
 

------------------ show firewall ------------------
 

Firewall mode: Router
 

------------------ show running-config ------------------
 

: Saved

:

ASA Version 8.0(4) 

!

hostname ciscoasa

domain-name mvl.kmmfg.com

enable password <removed>

passwd <removed>

multicast-routing

names

name 192.168.37.231 CribMaster

!

interface GigabitEthernet0/0

 nameif Embarq

 security-level 0

 ip address 65.40.186.250 255.255.255.128 

!

interface GigabitEthernet0/1

 nameif internalMVL

 security-level 75

 ip address 192.168.37.44 255.255.252.0 

!

interface GigabitEthernet0/2

 nameif InternalWireless

 security-level 75

 ip address 192.168.10.1 255.255.255.0 

!

interface GigabitEthernet0/3

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Management0/0

 nameif management

 security-level 100

 ip address 157.116.123.70 255.255.255.0 

 management-only

!

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns server-group DefaultDNS

 domain-name mvl.kmmfg.com

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

pager lines 24

logging enable

logging asdm informational

mtu management 1500

mtu internalMVL 1500

mtu InternalWireless 1500

mtu Embarq 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-615.bin

no asdm history enable

arp timeout 14400

global (Embarq) 101 interface

nat (management) 101 0.0.0.0 0.0.0.0

static (InternalWireless,internalMVL) interface 192.168.10.10 netmask 255.255.255.255 

static (InternalWireless,Embarq) interface 192.168.10.10 netmask 255.255.255.255 

static (InternalWireless,internalMVL) 192.168.37.75 192.168.10.11 netmask 255.255.255.255 

static (internalMVL,InternalWireless) 192.168.10.15 CribMaster netmask 255.255.255.255 

route Embarq 0.0.0.0 0.0.0.0 65.40.186.241 1

route internalMVL 192.168.37.0 255.255.255.0 192.168.37.81 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 159.168.123.58 255.255.255.255 management

http 0.0.0.0 0.0.0.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto isakmp enable internalMVL

crypto isakmp enable InternalWireless

crypto isakmp policy 5

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

crypto isakmp policy 10

 authentication pre-share

 encryption des

 hash sha

 group 2

 lifetime 86400

telnet 0.0.0.0 0.0.0.0 management

telnet 157.116.123.58 255.255.255.255 management

telnet 0.0.0.0 0.0.0.0 Embarq

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 management

ssh 157.116.123.58 255.255.255.255 management

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect rsh 

  inspect rtsp 

  inspect esmtp 

  inspect sqlnet 

  inspect skinny  

  inspect sunrpc 

  inspect xdmcp 

  inspect sip  

  inspect netbios 

  inspect tftp 

!

service-policy global_policy global

prompt hostname context 

Cryptochecksum:9e52208c2eefa1a8e1dad3a7bba8e090

: end
 

------------------ show startup-config errors ------------------
 

WARNING: IPS policy is configured with incompatible SSM card.

*** Output from config line 134, "  ips inline fail-close"

WARNING: IPS policy is configured with incompatible SSM card.

*** Output from config line 137, "  ips promiscuous fail-c..."
 

------------------ console logs ------------------
 

Message #1 : Message #2 : 

Total SSMs found: 1

Message #3 : ASA-SSM-CSC-10, SN JAF1204BGJK, HW ver 1.0, FW ver 1.0(11)2

Message #4 : 

Total NICs found: 7

Message #5 : mcwa Message #6 : i82557 Ethernet at irq 11Message #7 :   MAC: 001e.f762.c0a6

Message #8 : mcwa Message #9 : i82557 Ethernet at irq  5Message #10 :   MAC: 0000.0001.0001

Message #11 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 00Message #12 :  MAC: 001e.f762.c0a2

Message #13 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 3 index 01Message #14 :  MAC: 001e.f762.c0a3

Message #15 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 02Message #16 :  MAC: 001e.f762.c0a4

Message #17 : i82546GB rev03 Gigabit Ethernet @ irq09 dev 2 index 03Message #18 :  MAC: 001e.f762.c0a5

Message #19 : i82547GI rev00 Gigabit Ethernet @ irq11 dev 1 index 05Message #20 :  MAC: 0000.0001.0002

Message #21 : 

Licensed features for this platform:

Message #22 : Maximum Physical Interfaces  : Unlimited 

Message #23 : Maximum VLANs                : 150       

Message #24 : Inside Hosts                 : Unlimited 

Message #25 : Failover                     : Active/Active

Message #26 : VPN-DES                      : Enabled   

Message #27 : VPN-3DES-AES                 : Enabled   

Message #28 : Security Contexts            : 2         

Message #29 : GTP/GPRS                     : Disabled  

Message #30 : VPN Peers                    : 750       

Message #31 : WebVPN Peers                 : 2         

Message #32 : AnyConnect for Mobile        : Disabled  

Message #33 : AnyConnect for Linksys phone : Disabled  

Message #34 : Advanced Endpoint Assessment : Disabled  

Message #35 : UC Proxy Sessions            : 2         

Message #36 : 

This platform has an ASA 5520 VPN Plus license.

Message #37 : 

Message #38 : Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Message #39 :                              Boot microcode   : CN1000-MC-BOOT-2.00 

Message #40 :                              SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

Message #41 :                              IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

Message #42 : 

Cisco Adaptive Security Appliance Software Version 8.0(4) 

Message #43 : 

Message #44 :   ****************************** Warning *******************************

Message #45 :   This product contains cryptographic features and is

Message #46 :   subject to United States and local country laws

Message #47 :   governing, import, export, transfer, and use.

Message #48 :   Delivery of Cisco cryptographic products does not

Message #49 :   imply third-party authority to import, export,

Message #50 :   distribute, or use encryption. Importers, exporters,

Message #51 :   distributors and users are responsible for compliance

Message #52 :   with U.S. and local country laws. By using this

Message #53 :   product you agree to comply with applicable laws and

Message #54 :   regulations. If you are unable to comply with U.S.

Message #55 :   and local laws, return the enclosed items immediately.

Message #56 : 

Message #57 :   A summary of U.S. laws governing Cisco cryptographic

Message #58 :   products may be found at:

Message #59 :   http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

Message #60 : 

Message #61 :   If you require further assistance please contact us by

Message #62 :   sending email to export@cisco.com.

Message #63 :   ******************************* Warning *******************************

Message #64 : 

Message #65 : Copyright (c) 1996-2008 by Cisco Systems, Inc.
 

Message #66 :                 Restricted Rights Legend
 

Message #67 : Use, duplication, or disclosure by the Government is

Message #68 : subject to restrictions as set forth in subparagraph

Message #69 : (c) of the Commercial Computer Software - Restricted

Message #70 : Rights clause at FAR sec. 52.227-19 and subparagraph

Message #71 : (c) (1) (ii) of the Rights in Technical Data and Computer

Message #72 : Software clause at DFARS sec. 252.227-7013.
 

Message #73 :                 Cisco Systems, Inc.

Message #74 :                 170 West Tasman Drive

Message #75 :                 San Jose, California 95134-1706
 

Message #76 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=54784 len=32

Message #77 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=54784 len=32

Message #78 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=55040 len=32

Message #79 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=55040 len=32

Message #80 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=55296 len=32

Message #81 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=55296 len=32

Message #82 : ICMP echo request from 157.116.123.58 to 157.116.123.70 ID=512 seq=55552 len=32

Message #83 : ICMP echo reply from 157.116.123.70 to 157.116.123.58 ID=512 seq=55552 len=32

Open in new window

0
Comment
Question by:MVLIS
  • 3
  • 2
6 Comments
 
LVL 13

Assisted Solution

by:Quori
Quori earned 400 total points
Comment Utility
Does the default gateway for hosts on the .37 network have a route to .10 via 192.168.37.44?
0
 
LVL 5

Assisted Solution

by:yashinchalad
yashinchalad earned 100 total points
Comment Utility

route internalMVL 192.168.37.0 255.255.255.0 192.168.37.81 1
me confused , is this 192.168.37.44 (thats the interface IP)?

also do u add

route InternalWireless 192.168.10.0 255.255.255.0 192.168.10.1 1
just to make sure firewall understands its an internal route?
let me know.
0
 

Author Comment

by:MVLIS
Comment Utility
No there is no route to .10 from .37 gateway through 192.168.37.44, but doing so would make perfect sense wouldn't it?  Let me try that and I'll get right back to you.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:MVLIS
Comment Utility
Now I get a new message: No translation group found for icmp src internalMVL:192.168.37.1 dst InternalWireless:192.168.10.10 (type 8, code 0).  So it is hitting the 192.168.37.44 interface (internalMVL), but getting dropped any clue?  Sorry I'm new to the ASA, I've been using Checkpoint for a long time, and seem to be a little slow on the uptake.
0
 
LVL 13

Assisted Solution

by:Quori
Quori earned 400 total points
Comment Utility
For a start, we don't need to NAT between two internal interfaces so you can change this:

static (InternalWireless,internalMVL) interface 192.168.10.10 netmask 255.255.255.255
static (InternalWireless,internalMVL) 192.168.37.75 192.168.10.11 netmask 255.255.255.255

We should probably fix your NAT config too.

You can add a route statement for the .10 network if you so choose, but since its an interface you don't really need to.

Internal interfaces also usually have a security level of 100.
0
 
LVL 13

Accepted Solution

by:
Quori earned 400 total points
Comment Utility
Be sure to:

clear xlate

To flush any translations before you test again.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now