Welcome to Cisco Firewalls Community


Beginner

asa5505 crashing perhaps related to maximum connections per second

I have an asa5505 with software version 7.2(3) that randomly stops responding.

The firewall sits in front of a public facing webserver that handles a significant amount of traffic.

I was wondering what would happen when the asa5505 reaches or exceeds the 4000 connections per second limit... i.e. would this possibly explain why my asa5505 stops responding and requires a power cycle in order to start working again?

When it "crashes" it does not respond on either the outside or inside interfaces.

Cisco Employee

Do you get any output from "show crash"? If you do, please post the output; it is probably a bug.

Beginner

I get "no crash file found" when I run that command.

I have powered the device off and on repeatedly in the last week if that affects a crash file being present.

Contributor


When you say 'stops responding' what do you mean? Does it simply not respond to HTTPS for ASDM or are you trying telnet/ssh/console?

Kind Regards,

Kevin

**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.

Kind Regards, Kevin Sheahan, CCIE # 41349
Beginner

When it stops responding, the webserver requests time out, which is how we first notice the problem; the ASDM from an internal host cannot be reached, and from an inside IP address I can't even ping the inside interface of the 5505.

Only a power cycle brings it back online.

Contributor


Investigation into this issue should be performed via the console connection. This may allow you access to debugs/switchport states/etc. that you will not otherwise get if the ASA is not accepting connections through the LAN. I understand that a quick power-cycle 'resolves' the issue but you're dooming yourself to face it again. Next time this happens I would recommend interrogating the device via console and posting back your results. From there, I'm sure we can help.

Kind Regards,

Kevin
