Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
3
Replies

ASA5525 stopped responsive and was not accessible via ASDM, although it was accessible via SSH. And the issue was resolved after reloading the ASA.

Tuba
Cisco Employee
Cisco Employee

‎08-14-2019 09:49 AM

ASA5525 stopped responsive and was not accessible via ASDM, although it was accessible via SSH. And the issue was resolved after reloading the ASA. 

We noticed after reload there are numerous  ‘FSCK0001.REC’, ‘FSCK0002.REC’ files etc on the flashcard of the firewall. 

 

Cisco Adaptive Security Appliance Software Version 9.10(1)
Firepower Extensible Operating System Version 2.4(1.103)
Device Manager Version 7.12(1)

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎08-14-2019 11:48 AM

If you are looking to find out the root cause of this, I would suggest creating a case with Cisco TAC.  They have tools that analyze logs and crash files much better than what we can.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

bhanson01
Level 1
Level 1
In response to Marius Gunnerud

‎08-15-2019 11:05 AM

I've got the same issue.  Randomly a few times a month the ASA will quit passing traffic, I cannot connect with ASDM but I can telnet to issue the reload command.  Once the ASA reboots it operates as expected.  I just opened a TAC case, waiting to hear back from them.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to bhanson01

‎08-16-2019 01:07 AM

You might want to check the connections table (show conn).  Try to filter on a specific address as this table will be quite long.  I have seen that sometimes if connection through the ASA is lost and then re-established a short time later there will be stale connections in the connections table (or more accuratly incorrect entries).  We use dynamic routing so when that route goes down the default route is used and an entry in the connection table is established to the outside interface instead of a DMZ interface.  However, once the dynamic route is back in place the connection table does not update automatically so it still sends traffic destined for the DMZ to the outside interface.  A clear conn all or clear conn specific IP solves the issue for us.  I have had a few TAC cases on this but it has yet not been classified as a bug as far as I know.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card