Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4020
Views
0
Helpful
4
Replies

ASA-3-210005-LU-allocate-connection-failed

secureIT
Level 4
Level 4

‎12-26-2014 06:13 AM - edited ‎03-11-2019 10:16 PM

Hi Guys,

 

I'm getting LU allocation logs in my standby firewall contineously.

Researched on memory & release notes & bug tool kit.

Understood that this issue has come only on earlier versions of code and not on 9.2.x

Cisco Adaptive Security Appliance Software Version 9.2(2)4

Dec 26 2014 15:26:16: %ASA-3-210005: LU allocate connection failed

Free memory:        6891813008 bytes (80%)

Can some one help pls..

Labels:
Preview file
12 KB
0 Helpful
4 Replies 4

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎12-26-2014 06:26 AM

Hi,

Do you see a large difference in the "show conn count" output between the two devices ?

I would recommend opening a TAC case to troubleshoot this issue if there is a large difference.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

secureIT
Level 4
Level 4
In response to Vibhor Amrodia

‎12-26-2014 09:28 AM

Hi Vibhor,

I shall compare the show conn count in both fws.

If the state table count in both are almost similar, what output/step I should take to fix this.

Can you check the below output - rcv & rerr count high.

# show failover
Stateful Failover Logical Update Statistics
        Link : STATE-Failover GigabitEthernet0/7 (up)
        Stateful Obj    xmit       xerr       rcv        rerr      
        General         564020     0          444328456  1098384   

 

 

Secondly, would you recommend separate interface for stateful failover, currently it is sharing the failover cable.

Would this solve the problem

failover lan interface STATE-Failover GigabitEthernet0/1 ---> Failover link for failover hello packets
failover key *****
failover link STATE-Failover GigabitEthernet0/1 ---> For stateful failover
failover interface ip STATE-Failover 1.1.1.1 255.255.255.0 standby 1.1.1.2

 

 

 

0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to secureIT

‎12-28-2014 03:50 AM

Hi,

Yes , that might help but are you seeing any error on the physical interface itself that you are using for the failover ?

Also , i would say you should open TAC case for this as the version is quite new and it might be something interesting to find out.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

secureIT
Level 4
Level 4
In response to Vibhor Amrodia

‎12-28-2014 06:40 AM

Hi Vibhor,

primary
show conn count
2300 in use 12000 most used


secondary
show conn count
1800 in use, 7000 most used

 

It would be helpful, if you could assist me on this case, rather than opening a tac case.

Kindly help....

Or at least provide me some solution steps or best practices.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card