ASA 5506 don't work continues loop

INEMINEMINEMINEM · ‎03-26-2022

Hello guys,

Please I need some help trying to find out what is going on with my ASA5506 firewall, after some time working fine it went into an infinite loop. I put the whole log from start to finish to see if anyone can take a look and help me with this.

Thanks in advance for any help you can get.

INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...
Rom image verified correctly

Cisco Systems ROMMON, Version 1.1.14, RELEASE SOFTWARE
Copyright (c) 1994-2018 by Cisco Systems, Inc.
Compiled Tue 06/05/2018 22:45:19.61 by builder

Current image running: Boot ROM1
Last reset cause: PowerCycleRequest
DIMM Slot 0 : Present

Platform ASA5506 with 4096 Mbytes of main memory
MAC Address: 00:81:c4:93:49:4d
Using default Management Ethernet Port: 0

Use BREAK or ESC to interrupt boot.
Use SPACE to begin boot immediately.

Located '.boot_string' @ cluster 848205.

#
Attempt autoboot: "boot disk0:"
Located 'asa982-20-lfbff-k8.SPA' @ cluster 11.

###################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
LFBFF signature verified.
INIT: version 2.88 booting
Starting udev
Configuring network interfaces... done.
Populating dev cache
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
65:01/00
Not automatically fixing this.
Starting check/repair pass.
Starting verification pass.
/dev/sdb1: 126 files, 783467/1937204 clusters
dosfsck(/dev/sdb1) returned 0
Mounting /dev/sdb1
IO Memory Nodes: 1
IO Memory Per Node: 205520896 bytes

Global Reserve Memory Per Node: 314572800 bytes Nodes=1

LCMB: got 205520896 bytes on numa-id=0, phys=0x107c00000, virt=0x2aaaab000000
LCMB: HEAP-CACHE POOL got 312475648 bytes on numa-id=0, virt=0x7f5934400000
LCMB: HEAP-CACHE POOL got 2097152 bytes on numa-id=0, virt=0x2aaaaac00000
Processor memory: 1496388216
POST started...
POST finished, result is 0 (hint: 1 means it failed)

Compiled on Fri 02-Feb-18 06:10 PST by builders

Total NICs found: 14
i354 rev03 Gigabit Ethernet @ irq255 dev 20 index 08 MAC: 0081.c493.494d
ivshmem rev03 Backplane Data Interface @ index 09 MAC: 0000.0001.0002
en_vtun rev00 Backplane Control Interface @ index 10 MAC: 0000.0001.0001
en_vtun rev00 Backplane Int-Mgmt Interface @ index 11 MAC: 0000.0001.0003
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 12 MAC: 0000.0000.0000
en_vtun rev00 Backplane Tap Interface @ index 13 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
Verify the activation-key, it might take a while...
Running Permanent Activation Key: Cleared for security reasons

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 5 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

cnnic_asa_exit_cb: Accelerator boot err Accelerator boot failed status 4.

--- Begin of accelerator boot log ---
Using user supplied board name: CUST_CLARK, number: 20003
Using user supplied DDR 0 spd address(es)/file(s): /asa/cavium/accelerator_spd
Read 128 values from spd file: /asa/cavium/accelerator_spd
PCIE port 0
All cores in reset, skipping soft reset.
Using bootloader image: /asa/cavium/u-boot.bin
Notice: Using board default DDR clock of: 0 hertz.
Warning: Using generic default DDR clock of 533000000 hertz.
Initialized 512 MBytes of DRAM
Setting dram_size in env
Starting cores 0x1
Powering up additional cores.
Timeout waiting for boot completion!

--- End of accelerator boot log ---
Invalid log size 0
Panic: DATAPATH-0-1742 - cnnic_asa_exit_cb: Accelerator boot err Accelerator boot failed status 4.
(set_exptime) Timer not a leaf 0x00007fdb2cd74210. Traceback: 0x00007fdb4973febe 0x00007fdb4973703c 0x00007fdb4974765b 0x00007fdb49741a33 0x00007fdb4af458f6 0x00007fdb482cc180 0x00007fdb49739e03 0x00007fdb4a1f1263 0x00007fdb4af4adc1 0x00007fdb4974a56d 0x00007fdb45740200 0x00007fdb4af49785 0x00007fdb4971646b 0x00007fdb4571be85
mgd_timer_set_exptime: Not a leaf called from 0x00007fdb4974765b
core0 same core snap_count=1 signo=11 RIP=7fdb49747695

-----------------------------------------------
Traceback output aborted.
Flushing first exception frame:
r8 0x0000000000008802
r9 0x0000000000000000
r10 0x00007face43c59f0
r11 0x0000000000003293
r12 0x00007fad07e50684
r13 0x00007face43c5c30
r14 0x0000000000000000
r15 0xffffffffffffdf40
rdi 0x0000000000000000
rsi 0x00007face43c5c30
rbp 0x00007face43c5c70
rbx 0x00007face43be188
rdx 0x0000000000000010
rax 0xfffffffffffffffc
rcx 0xffffffffffffffff
rsp 0x00007face43c5c20
rip 0x00007facff918afd
eflags 0x0000000000003293
csgsfs 0x0000000000000033
error code n/a
vector 0x0000000000000000
old mask 0xffffffde3e3ada05
cr2 0x0000000000000000
Nested traceback attempted via signal, from:
Page fault: Address not mapped
r8 0x0000000000008802
r9 0x0000000000000c2d
r10 0x0000000000000042
r11 0x0000000000003293
r12 0x00007fad081ee640
r13 0x00007fad07e4d460
r14 0x0000000000000000
r15 0x00007fad07e4d460
rdi 0x0000000000000000
rsi 0x0000000000000004
rbp 0x00007face43c53d0
rbx 0x00007face43c1000
rdx 0x0000000000000000
rax 0x0000000000000000
rcx 0x0000000000000000
rsp 0x00007face43c53c0
rip 0x00007fad00d94695
eflags 0x0000000000013246
csgsfs 0x0000000000000033
error code 0x0000000000000006
vector 0x000000000000000e
old mask 0xffffffde3e3ada05
cr2 0x0000000000000008

Cisco Adaptive Security Appliance Software Version 9.8(2)20

Compiled on Fri 02-Feb-18 06:10 PST by builders
Hardware: ASA5506
Crashinfo collected on 23:27:50.369 UTC Mon Mar 3 2014
ASLR enabled, text region 7fad00481000-7fad0476247c

Traceback:
0: 0x00007fad00d412e1
1: 0x00007fad00d8da68
2: 0x00007fad02592676
3: 0x00007facff919180
4: 0x00007fad00d8ea33
5: 0x00007fad025928f6
6: 0x00007facff919180
7: 0x00007fad00d86e03
8: 0x00007fad0183e263
9: 0x00007fad02597dc1
10: 0x00007fad00d9756d
11: 0x00007facfcd8d200
12: 0x00007fad02596785
13: 0x00007fad00d6346b
14: 0x00007facfcd68e85
-----------------------------------------------
core0 same core snap_count=2 signo=11 RIP=7fad01840da4
Process shutdown finished
Rebooting... (status 0x8b)
..
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...

balaji.bandi · ‎03-26-2022

POST finished, result is 0 (hint: 1 means it failed)

Also, i see several traceback and failures, Looks for me time for the TAC case (if you have smartnet contract to replace it)

worth looking this bug ;

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn64163

you can give a shot re-imaging the device : (with the version you looking for)

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html#id_57458

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sheraz.Salim · ‎03-27-2022

If you do not have a cisco support in that case you are out of luck.

find a similar thread with same disussion.

might this will help you https://community.cisco.com/t5/network-security/asa-5506-toast/td-p/3332071

please do not forget to rate.

MHM Cisco World · ‎03-27-2022

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvp16482

check this bug

INEMINEMINEMINEM · ‎03-27-2022

My conclusion from this whole process is that this firewall is garbage.

I already sent it to the trash, worst experience ever in my life.

balaji.bandi · ‎03-27-2022

My conclusion from this whole process is that this firewall is garbage.

I already sent it to the trash, worst experience ever in my life.

Unfortunately as a community nothing much we can do here, just help each other, hardware faults no one hands here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sheraz.Salim · ‎03-27-2022

Sorry to hear and we can understand your frustration.

here at this community can can’t not offer you much. Normally Cisco hardware last much much longer in your case you had a bad luck.

if you had a Cisco support you can get the new firewall but again I can understand some time we can’t afford support either due to extra cost etc.

please do not forget to rate.