• State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 39 subscribers
  • Views 2584 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

High Number of Discards from ASA-5505 Interfaces

jodros

Hey everyone,

     I know that sometimes, depending on the MIB table of the device, NPM can report discards on an interface indicating a link issue.  However in actuality it could be normal device operation.  I am running into that situation with several sets of ASA-5505's.  In our environment, we utilize many ASA platforms, from ASA-5550's to ASA-5505's.  The four ASA-5505's are the only devices experiencing this issue.  Since all ASA-5505's are experincing this issue, I starting looking at what NPM could actually be reporting.  The main difference between the ASA-5505 and all other ASA's, besides horsepower, is that there is a built-in switch.  Interfaces on the switch are assinged to VLANS.  Then there is a VLAN ACL that is used for denying traffic.  I believe that NPM is reporting "discards" on these ASA-5505 interfaces due to VACL drops, which would be normal operation. 

Has anyone else experienced this issue?  Any information would be appreciated.

Thanks

  • 0

    we have a lot of ACLs spread throughout and a majority of our 'discards' on interfaces are due to this (ACL discards), especially on our vpn links.

    it's too bad we can't associate these two for filtering and get what is a true discard.

    i guess the MIB read by Solarwinds is the answer whether it is dropped by ACLs, errors, or high traffic use. most gigabit interfaces in our environment are no where near high util to cause a discard.

    my two-cents...

  • 0 in reply to lchance

    lchance,

         thanks for the reply.  i believe it to be related to the VACL as well.  anyone else have some insight?

     

    thanks

  • 0

    I'd like to add that we have the same problem on our access points. 

    One of our offices is in a shared building so we log a ton of "discards".  In reality, most of these are non-company laptops associating with our APs because their laptops attempt connections alphabetically instead of going right to their own company's SSID.

  • 0

    We happen to have numerous ASA 5520's in our enterprise and some of our contexts are showing on Orion as having receive discards.  Orion shows a large amount of rec discards, but the ASA shows a smaller amount of general discards on the interface.  Our Firewall tech is asking me to pose some questions:

    After looking through all manner of statisitics and information within the ASA itself I can’t find anything that indicates a problem resulting in these discards. Then I wondered if Orion would consider an inbound firewall drop (a packet that doesn’t match a permit statement in an inbound ACL) a “receive discard”. Also can you ask if there is any way to find out more information about the cause of a receive discard for an ASA in particular?  Orion shows a much larger # of discards than the actual ASA does, so could it be possible its reading an different MIB or something.

    Any input on this would be great because he cannot seem to see any reason for discards or that its impacting the interface or ASA at all.  Thanks.

  • 0 in reply to whitejcdc

    I have noticed this on our VPN devices as well.  We have VPN concentrators that have upwards of about 500 people at any one time on them we they ALWAYS have high numbers of discards.  There are no ACLs running here since they do VPN only, no firewall function.  So my thought was always it was packets that the device expected to be encrypted or not encrypted and when it got what it did  not expect it drops it and flips the counter.  If I watch logs I see a lot of "expected this and got that" type of thing.

    So long story short I have considered it harmless and expected on a VPN device.

  • 0

    If anyone of you found the reason or solution, let me know.

    I have a same situation with 5505.

  • 0

    I too am seeing this issue - is there a solution out there?

  • 0 in reply to seigniory

    Are these failed association attempts logged as receive discards, transmit, or both?

    Thank you,

    Dustin

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.