• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 491
  • Last Modified:

Cisco ASA 5510 showing a lot of traffic


This afternoon our bandwidth here maxed out and everyting came to a halt. Come to find out it was going to our payroll processing site ADP. I am now seeing about 50% + of traffice going to which nslookup shows as server2.us.fma.net,

I went into the CLI and used the show conn | i I am not sure what this is or how I can kill the connections. It is pointing to a few machines here in the building. I would like to terminate the connections so I can bring traffic back down to normal.. Can someone please assist me with this.

thank you
1 Solution
Is this an legitimate server that your company needs to access?

How about a deny rule..

access-list interface deny ip any host

Ernie BeekExpertCommented:
How about using something like wireshark to first have a look what kind of traffic it is exactly?
sethendresAuthor Commented:
This would not be a legitmate server that anyone needs to access. I was able to see that it trasferred 300mb over it. before I killed the connection. I did implement a deny rule.

I was able to see where it was going to using, show threat-detection statistics top host.

Then using show conn | i address

The public IP was it is saying it is a non-existent domain. Something just does not add up for me.

the adp transfers are small, it's just text information. data shall 5-10Megs at most for larger organizations.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now