we have a cisco asa5585-x firewall and it is crashing twice per week and it is generating crash dumps.
can somebody help please?
ASA-SSL-VPN-III# show version
Cisco Adaptive Security Appliance Software Version 9.6(4)12
Device Manager Version 7.9(2)152
Compiled on Wed 11-Jul-18 21:59 PDT by builders
System image file is "disk0:/asa964-12-smp-k8.bin"
Config file at boot was "startup-config"
ASA-SSL-VPN-III up 4 hours 32 mins
Hardware: ASA5585-SSP-20, 12029 MB RAM, CPU Xeon 5500 series 2133 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 2048MB
BIOS Flash S25FL032P @ 0x0, 4096KB
Encryption hardware device : Cisco ASA-5585 on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 2
Programmable device : Cisco CPLD revision 0x8
0: Int: Internal-Data0/0 : address is 0000.0001.0001, irq 5
2: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 10
3: Ext: Management0/0 : address is cc16.7e5f.4650, irq 10
4: Ext: Management0/1 : address is cc16.7e5f.4651, irq 5
16: Ext: GigabitEthernet0/0 : address is cc16.7e5f.4652, irq 255
17: Ext: GigabitEthernet0/1 : address is cc16.7e5f.4653, irq 255
18: Ext: GigabitEthernet0/2 : address is cc16.7e5f.4654, irq 255
19: Ext: GigabitEthernet0/3 : address is cc16.7e5f.4655, irq 255
20: Ext: GigabitEthernet0/4 : address is cc16.7e5f.4656, irq 255
21: Ext: GigabitEthernet0/5 : address is cc16.7e5f.4657, irq 255
22: Ext: GigabitEthernet0/6 : address is cc16.7e5f.4658, irq 255
23: Ext: GigabitEthernet0/7 : address is cc16.7e5f.4659, irq 255
24: Ext: TenGigabitEthernet0/8: address is cc16.7e5f.465a, irq 255
25: Ext: TenGigabitEthernet0/9: address is cc16.7e5f.465b, irq 255
26: Int: Internal-Data0/2 : address is 0000.0100.001b, irq 255
27: Int: Internal-Data0/3 : address is 0000.0100.001c, irq 255
28: Int: Not used : irq 255
29: Int: Not used : irq 255
30: Int: Not used : irq 255
31: Int: Not used : irq 255
32: Int: Not used : irq 255
33: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 1024 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 10000 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10000 perpetual
Total VPN Peers : 10000 perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
10GE I/O : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA5585-SSP-20 VPN Premium license.
Serial Number: JAD203406TB
Running Permanent Activation Key: 0x2b04c87d 0xc4d9e032 0x8d00e988 0xf048e4e4 0x0321f1b6
Configuration register is 0x1
Image type : Release
Key version : A
Configuration has not been modified since last system restart.
This sounds very "buggy". I suggest upgrading the ASA to 18.104.22.168 or higher.
Just because one ASA is not affected by a bug doesnt mean that another ASA will not be affected. For example, we have a client with a lot of 3650 switches and they are heavily affected by bugs, while another client with same equipment is not.
It might be that there is a feature or configuration on the affected ASA that is triggering the bug, or it might be something else entirely.
If you want to identify if this is a bug I would suggest opening a TAC case. But upgrading to the latest ASA software within the minor release you are running would also be a good starting point.