02-28-2011 03:02 AM - edited 03-11-2019 12:57 PM
Hello everybody,
I have a serious problem with my corporate firewall, witch is an ASA 5520, fv 8.3, with 8 +1 interfaces.
It suddenly started to crash every 10/20 minutes and rebooting alone.
First of all I checked system resources witch are in a very low usage state.
I also checked interfaces errors, but nothing strange come out o from error counters analisys.
I tried disabling logging and all the service policy rules configured, but nothing changed.
Nothing changed and firewal continue restarting by himself.
Last logs I received before crash were:
%ASA-4-711004: Task ran for 35 msec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 msec, Process = Dispatch Unit, PC = 84a619e, Call stack = 0x084A619E 0x084A6512 0x084A70E1 0x084A7987 0x084A7AAA 0x08558B9B 0x08558E8A 0x083D3518 0x083CA145 0x080659D1 0x089196D9 0x08919790 0x089FF711 0x08A27468
Here the sh crashinfo command on module 0, after last reboot:
hread Name: Dispatch Unit
Page fault: Address not mapped
vector 0x0000000e
edi 0x00000000
esi 0x6d385d1c
ebp 0x6c2d5a90
esp 0x6c2d5a28
ebx 0x6d37fe90
edx 0x6d385d28
ecx 0x6d385e28
eax 0xfffffffc
error code 0x00000005
eip 0x08cda948
cs 0x00000073
eflags 0x00013286
CR2 0xfffffffc
Cisco Adaptive Security Appliance Software Version 8.3(1)
Compiled on Thu 04-Mar-10 16:56 by builders
Hardware: ASA5520
Crashinfo collected on 11:43:50.787 CEST Mon Feb 28 2011
Any suggestion to find out the problem????
Thank you very much,
Matt
02-28-2011 03:27 AM
My advise would be to open a TAC case so the complete crash dump can be decoded and analysed, and it probably will match a specific bug and software upgrade will be required. TAC should be able to advise you further on the crash.
02-10-2012 12:51 AM
Hello,
I have exactly the same problem with an ASA5520 under version 8.4(2) since yesderday;
Did the TAC solve this problem?
Thank you,
Best Rgds,
Jerome
02-23-2012 01:53 AM
I hit this one today...
See: CSCtr33228
Thanks,
Aaron
03-02-2012 12:53 AM
Hello,
I've got exactly the same problem for few days with ASA5520 under version 8.2(1). Is there a known solution ?
Best Regards,
Yann SZKOLNIK
03-02-2012 05:53 AM
PS: my device wasn't in a failover scenario, and we didn't find a triggering event, but it seemed to be a randomic trouble.
03-02-2012 05:46 AM
Hello everybody,
at that time we opened a TAC case, and Cisco directly changed our device. This trouble created a big problem in our organization, and nobody still knows why it suddenly happened.
We wasn't so happy to pay for get assistance for something that wasn't related to an our mistake and that happened on a very young device.
Fortunately, since we changed the hardware the problem didn't happen again...
Good luck,
Matteo
03-02-2012 05:52 AM
Hello Matteo,
Apparently upgrade to 8.4.5.2 could solve the problem. I will test this solution next week, i'll give you my feedback and tell you if after this upgrade the asa work fine.
Best Regards,
Yann SZKOLNIK
04-03-2013 04:26 AM
Hello Yann,
we have the same problem. Could you try to upgrade to 8.4.5.2?
Thanks
Best Regads
AVP
03-09-2012 02:47 AM
We also seem to get this crash, since we updated to 8.2.5(22).
It seems to crash just after replicating the configuration. Only the Standby unit is crashing.
Might also be that the bug CSCtr33228 is also in 8.2.5(22) Previous version was 8.2.4(4) which did not crash.
Here a part of our dump:
sh crashinfo
: Saved_Crash
Thread Name: Dispatch Unit
Page fault: Address not mapped
vector 0x0000000e
edi 0x00000000
esi 0x00000000
ebp 0xc92d3290
esp 0xc92d3058
ebx 0xcdfa9a1c
edx 0x00000000
ecx 0xcdfa9a1c
eax 0x00005884
error code 0x00000004
eip 0x0876af80
cs 0x00000073
eflags 0x00013202
CR2 0x000000b8
Cisco Adaptive Security Appliance Software Version 8.2(5)22
04-03-2013 04:43 AM
Hello,
We solved this problem one year ago. Firstable i disabled logs recording and the 5520 immediatly stopped to reboot.
Few weeks later, i upgraded to 8.3(1), i'm not sure it was the best idea i've had, cause syntax of some parts of configuration have changed with this new version. Fortunely all tests were made on a spare 5520 but i had to rewrite all the firewall rules.
Best Regards,
Yann SZKOLNIK
04-03-2013 05:15 AM
Hello,
Thanks for the quick reply.
We have disabled logs recording in the ASA, we send the logs to a Syslog Server.
We will analyze to upgrade the version.
Best Regards
AVP
04-03-2013 05:17 AM
Hello,
We used a syslog server too, but this problem stopped when i disabled all logging actions.
Best Regards,
Yann SZKOLNIK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: