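Diagnostic approach

    1. Excessive log volume: send logs to an external syslog server
    2. Memory leak: upgrade the software version
    3. debug
    4. Block ports: when the security appliance's outside interface receives a large volume of illegitimate traffic, it must be blocked; have the offending traffic stopped at the ISP side
    5. Threat detection: disable threat detection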

    ASAv# show blocks
      SIZE    MAX    LOW    CNT
         0    950    950    950
         4    100    100    100
        80   1000    998    999
       256   4148   4138   4143
      1550   6174   6171   6172
      2048   2100   2100   2100
      2560    164    164    164
      4096    100    100    100
      8192    100    100    100
      9344    100    100    100
     16384    100    100    100
     65536     16     16     16

    • 4 Duplicates existing blocks in the Domain Name System (DNS), Internet Security Association and Key Management Protocol (ISAKMP), URL-filtering, user authentication (uauth), H.323, and Transmission Control Protocol (TCP) modules
    • 80 Used in TCP intercept to generate an Acknowledgment (ACK) packet, failover, and hello messages
    • 256 Stateful failover, syslog, and TCP module
    • 1550 Memory used to process Ethernet (10M and 100M) packets as they pass through the firewall
    • 16384 Memory used for gigabit Ethernet
    • 65536 QoS metrics
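
An added example, not part of the original notes: a small parser that reads `show blocks` output and reports pools that are running low, labelled with the uses listed above. It relies on LOW being the fewest free blocks since the counters were last cleared and CNT being the blocks free now; the 10% threshold, the function names and the altered sample rows are assumptions made for illustration.

```python
import re

# Pool uses as listed in the notes above (block size in bytes -> use).
POOL_USE = {
    4: "DNS, ISAKMP, URL filtering, uauth, H.323, TCP",
    80: "TCP intercept ACKs, failover, hello messages",
    256: "stateful failover, syslog, TCP",
    1550: "Ethernet (10M/100M) packets",
    16384: "gigabit Ethernet",
    65536: "QoS metrics",
}
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_show_blocks(text):
    """Return one dict per SIZE/MAX/LOW/CNT row; prompt and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            size, mx, low, cnt = map(int, m.groups())
            rows.append({"size": size, "max": mx, "low": low, "cnt": cnt})
    return rows

def depleted_pools(rows, low_ratio=0.1):
    """Flag pools whose CNT or LOW is at or under low_ratio * MAX (threshold is an assumption)."""
    findings = []
    for r in rows:
        threshold = r["max"] * low_ratio
        if r["cnt"] <= threshold:
            state = "low now"            # few free blocks at this moment
        elif r["low"] <= threshold:
            state = "ran low earlier"    # recovered, but was drained since the last clear
        else:
            continue
        use = POOL_USE.get(r["size"], "not described in these notes")
        findings.append((r["size"], state, use))
    return findings

# Constructed sample: rows from the output above with the 256 and 1550 pools altered.
SAMPLE = """\
ASAv# show blocks
  SIZE    MAX    LOW    CNT
     0    950    950    950
    80   1000    998    999
   256   4148      0   4143
  1550   6174      0     12
"""

if __name__ == "__main__":
    for size, state, use in depleted_pools(parse_show_blocks(SAMPLE)):
        print(f"{size}-byte pool {state}: {use}")
```

A pool that ran low earlier but has recovered points to a past burst, while one that is low now is still being drained; in both cases the use column shows which of the causes in the diagnostic list to check first.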

    Command documentation
    https://www.tunnelsup.com/cisco-asa-understanding-the-show-blocks-command/
    https://community.cisco.com/t5/security-documents/information-contained-in-the-show-blocks-command-output/ta-p/3131513

    hostname# show local-host all
    Interface outside: 1 active, 2 maximum active, 0 denied
    local host: <11.0.0.4>,
    TCP flow count/limit = 0/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 0/unlimited
    Conn:
    105 out 11.0.0.4 in 11.0.0.3 idle 0:01:42 bytes 4464
    105 out 11.0.0.4 in 11.0.0.3 idle 0:01:44 bytes 4464
    Interface inside: 1 active, 2 maximum active, 0 denied
    local host: <17.3.8.2>,
    TCP flow count/limit = 0/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 0/unlimited
    Conn:
    105 out 17.3.8.2 in 17.3.8.1 idle 0:01:42 bytes 4464
    105 out 17.3.8.2 in 17.3.8.1 idle 0:01:44 bytes 4464
    Interface NP Identity Ifc: 2 active, 4 maximum active, 0 denied
    local host: <11.0.0.3>,
    TCP flow count/limit = 0/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 0/unlimited
    Conn:
    105 out 11.0.0.4 in 11.0.0.3 idle 0:01:44 bytes 4464
    105 out 11.0.0.4 in 11.0.0.3 idle 0:01:42 bytes 4464
    local host: <17.3.8.1>,
    TCP flow count/limit = 0/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 0/unlimited
    Conn:
    105 out 17.3.8.2 in 17.3.8.1 idle 0:01:44 bytes 4464
    105 out 17.3.8.2 in 17.3.8.1 idle 0:01:42 bytes 4464

    hostname# show local-host 10.1.1.91
    Interface third: 0 active, 0 maximum active, 0 denied
    Interface inside: 1 active, 1 maximum active, 0 denied
    local host: <10.1.1.91>,
    TCP flow count/limit = 1/unlimited
    TCP embryonic count to (from) host = 0 (0)
    TCP intercept watermark = unlimited
    UDP flow count/limit = 0/unlimited
    Xlate:
    PAT Global 192.150.49.1(1024) Local 10.1.1.91(4984)
    Conn:
    TCP out 192.150.49.10:21 in 10.1.1.91:4984 idle 0:00:07 bytes 75 flags UI
    Interface outside: 1 active, 1 maximum active, 0 denied

    show memory top-usage