Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
585
Views
0
Helpful
5
Replies

ASA 5520 Active/standby - Standby ASA crashing

rbroomfield
Level 1
Level 1

‎02-09-2015 02:30 AM - edited ‎03-11-2019 10:28 PM

Hi All,

 

Recently upgraded 2 5520's to 8.4(2) and put them in active/standby.

I am now experiencing an issue whereby the standby ASA keeps crashing rebooting periodically.

<--- More --->
Thread Name: Dispatch Unit
Page fault: Address not mapped
    vector 0x0000000e
       edi 0x00001400
       esi 0x00000006
       ebp 0x6deeaf50
       esp 0x6deeaee8
       ebx 0x00000000
       edx 0x74634cd0
       ecx 0x6deeaf30
       eax 0x00000000
error code 0x00000004
       eip 0x08904125
        cs 0x00000073
    eflags 0x00013202
       CR2 0x00000010

 


 

Does anybody have any suggestions as to why? or even better a solution?

 

Any help always appreciated.

 

Labels:
0 Helpful
5 Replies 5

Karsten Iwen
VIP
VIP

‎02-09-2015 03:34 AM

  • Do both units are the same?
  • Do you have the supported amount of RAM (2 Gigabyte)?
  • And why do you upgrade to an old version? First try the actual 8.4 version which is 8.4(7)x.
0 Helpful

rbroomfield
Level 1
Level 1
In response to Karsten Iwen

‎02-09-2015 04:11 AM

Hi Karsten,

 

Thank you for responding.

 

Both of the firewalls are exactly the same and have 2Gb of RAM installed.

I don't currently have a more recent version to use but will try to acquire this.

its strange, the secondary fw boots and seems stable for approximately 25mins before crashing.

 

 

 

 

0 Helpful

campbech1
Level 1
Level 1

‎02-10-2015 06:02 PM

We had a similar issue last year with our firewalls after performing an upgrade.

I ended up breaking the redundancy, take the standby firewall off the network, defaulted the standby firewall, posted the primary firewall configuration to the standby firewall (with it off the network), and I found we had some configuration corruption while performing the upgrade.

Found the corruption while posting the configuration back into the firewall line by line. Fixed the corrupt lines and let it bake for a few days. During a downtime window I had a short downtime to switch to the "new" configuration on the standby firewall, default the old primary firewall, bring up the redundancy between firewalls and then haven't upgraded for about a year. :)

0 Helpful

rbroomfield
Level 1
Level 1
In response to campbech1

‎02-11-2015 12:51 AM

Thanks for your input.

Can i ask what the corrupted lines were?

 

I've managed to get my hands on 9.1(5.12) and think i may try another upgrade.

0 Helpful

campbech1
Level 1
Level 1
In response to rbroomfield

‎02-11-2015 07:07 AM

The corrupt lines were NAT entries. The configuration had NAT rules in the configuration that didn't even follow the correct syntax. I couldn't remove the rules at all.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card