09-27-2011 07:57 AM - edited 03-11-2019 02:30 PM
Currently running (2) ASA 5550's in LAN failover configuration ASA ver 8.3(2) . Intermittently the firewall will failover. And it will do this several times with a half hour or so time frame. Error message in syslogs is:
%ASA-3-105010 which is "Block memory was depleted. This is a transient message and the adaptive security appliance should recover.
Recommended Action: Use the show blocks command to monitor the current block memory.
What could be causing this issue? Is there a fix for this issue?
Solved! Go to Solution.
09-27-2011 09:03 AM
Hi Kristen,
As a best practice, yes all interfaces should have a standby IP address assigned. If you have 'logging standby' enabled, this would be enough to trigger the bug I mentioned before. I would suggest adding the standby IP address to the management interface and then monitoring to ensure the block depletion stops.
Hope that helps.
-Mike
09-27-2011 08:41 AM
Hi Kristen,
Which block sizes are being depleted? Can you post the output of 'show block' for us?
-Mike
09-27-2011 08:51 AM
Size Max Low CNT
0 1450 1401 1450
4 900 899 899
80 5660 5525 5660
256 3864 3608 3864
1550 20000 0 19723
2048 6100 6076 6100
2560 7320 7320 7320
4096 100 100 100
8192 100 100 100
16384 200 200 200
65536 16 16 16
Thank you!
09-27-2011 08:56 AM
Hi Kristen,
By any chance, do you have 'logging standby' configured? If so, does every interface have a standby IP address configured? If any interfaces are missing a standby IP (you can check the output of 'show failover'), you may be running into this bug:
CSCtk68555 - 1550 and 256 byte blocks may leak to 0 causing failover and data issues
If this is the case, you can disable 'logging standby' or assign standby IP address to each and every interface as a workaround.
-Mike
09-27-2011 09:01 AM
I do have a standby IP address configured for every interface except the management interface. Should I configure a standby on the management interface?
09-27-2011 09:03 AM
Hi Kristen,
As a best practice, yes all interfaces should have a standby IP address assigned. If you have 'logging standby' enabled, this would be enough to trigger the bug I mentioned before. I would suggest adding the standby IP address to the management interface and then monitoring to ensure the block depletion stops.
Hope that helps.
-Mike
09-27-2011 09:09 AM
Thank you. I will do that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide