Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3205
Views
0
Helpful
3
Replies

ASA 5510 Memory Allocation Error ASA 8.0(3) ASDM 6.1(1)

luke.brain
Level 1
Level 1

‎10-11-2009 03:30 PM - edited ‎03-11-2019 09:25 AM

Our Cisco ASA5510 firewall has just started to receive these "memory allocation errors". The first time this happened, it occurred after the firewall had been up for 294days without issue. To fix this the first time, I reloaded ASA. It's happened again this morning but, I've taken a 'sho tech' before it reloaded.

We did enable the WebVPN part more than a year ago. It's not being used but, still enabled. The memory usage averages approx 184MB.

As the memory allocation error has happened twice now, if it happens a third time I'm going to disable the WebVPN part. As this link refers to newer code that fixes an issue with memory allocation errors related to WebVPN.

<A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/security/asa/asa70/release/notes/asarn708.html')">http://www.cisco.com/en/US/docs/security/asa/asa70/release/notes/asarn708.html</A>

Should I disable the WebVPN or upgrade the code?

I'd prefer to stick with the code and just disable the WebVPN.

What are your thoughts?

TIA

Labels:
Preview file
10 KB
Preview file
1 KB
0 Helpful
3 Replies 3

Herbert Baerten
Cisco Employee
Cisco Employee

‎10-12-2009 03:50 AM

What is the actual error you get?

Is it impacting traffic?

Does "show memory" indicate a decrease of available memory if you take it at regular intervals (every hour, every day)?

Disabling webvpn may or may not help, impossible to say without more info.

But why not upgrade to 8.0(4) or 8.0(4.32)? I can't guarantee that this will help either, but numerous memory issues have been resolved since 8.0(3) so it's definitely worth a shot. And an upgrade is a good idea anyway since going to 8.04.32 will include some fixes to security vulnerabilities, cfr. http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml

0 Helpful

luke.brain
Level 1
Level 1
In response to Herbert Baerten

‎10-12-2009 02:10 PM

Apologies, I should have put further information in this. When this weird issue occurs, users are complaining that they're unable to access sites with https or any site that you login to like 'my ebay' and our payroll site which is https. All other sites on port 80 or obscure non standard http ports work without issue only https. Then I noticed that the ASA had the memory allocation error, cycled the power, it went away for nearly 3 days and came back again. It's now been 1 day since I reloaded the ASA and so far it's OK. but, I know it's going to happen again.

All I have is the screenshot attached of the memory allocation error in the ASDM.

The below is the ASA after running 1 day since reload,

The free memory displayed approx 27% when the 'memory allocation' error occurred and it's approximately that now. I'll have to monitor it and post results.

thanks for your help.

-------------------------------

aus09asa01# sho mem detail

Free memory: 72334688 bytes (27%)

Used memory: 196100768 bytes (73%)

Allocated memory in use: 82854432 bytes (31%)

Reserved memory: 62021760 bytes (23%)

DMA Reserved memory: 51224576 bytes (19%)

----------------------------- ----------------

Total memory: 268435456 bytes (100%)

Dynamic Shared Objects(DSO): 0 bytes

DMA memory:

Unused memory: 7354956 bytes (14%)

Crypto reserved memory: 8216696 bytes (16%)

Crypto free: 7036836 bytes (14%)

Crypto used: 1179860 bytes ( 2%)

Block reserved memory: 35402176 bytes (69%)

Block free: 31330656 bytes (61%)

Block used: 4071520 bytes ( 8%)

Used memory: 250748 bytes ( 0%)

----------------------------- ----------------

Total memory: 51224576 bytes (100%)

HEAP memory:

Free memory: 72334688 bytes (47%)

Used memory: 82854432 bytes (53%)

Init used memory by library: 4218752 bytes ( 3%)

Allocated memory: 78635680 bytes (51%)

----------------------------- ----------------

Total memory: 155189120 bytes (100%)

Least free memory: 66245384 bytes (43%)

Most used memory: 88943736 bytes (57%)

Preview file
706 KB
0 Helpful

Herbert Baerten
Cisco Employee
Cisco Employee
In response to luke.brain

‎10-14-2009 02:14 AM

Well, as I mentioned there is nothing we can tell just from this output. We would have to get the same output on a regular basis, and check the differences. Even then it will probably not tell us enough to really pinpoint the culprit.

"show blocks" might help, also taken at regular intervals to check for a decreasing trend.

But still my suggestion would be to upgrade and/or open a TAC case if you can. If you don't want to upgrade for whatever reason and don't really use webvpn then of course you can just disable it and see if it helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card