Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5370
Views
25
Helpful
14
Replies

ASA-AWS - ASAv keeps crashing.

Go to solution
IQNetAdmin
Level 1
Level 1

‎04-04-2020 08:37 PM

We have an ASAv configured in AWS.  It keeps crashing periodically and I'm trying to determine the cause.

 

Version: Cisco Adaptive Security Appliance Software Version 9.6(4)

 

I've attached the "show crashinfo" output.

 

Can somebody please assist?

Preview file
534 KB
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

‎04-05-2020 12:42 AM

is this a new deployment? was it working fine and all of sudden you having issue with this ASA. seem you are hitting a bug. consider upgrade to 9.8.4.x

please do not forget to rate.

View solution in original post

Go to solution
Sheraz.Salim
VIP
VIP
In response to IQNetAdmin

‎04-05-2020 07:29 AM - edited ‎04-05-2020 07:33 AM

I strongly suggest of upgrade 9.8.4. its a gold start release and we already using in production we have not seen any issue in regards to anyconnect.

here is the link https://software.cisco.com/download/home/286119613/type/280775065/release/9.8.4%20Interim

 

unless @Pulkit Saxena disagree with this. we are all here to help each other. I have a great respect for Pulkit and for TAC.

 

hope your issue will resolve and you get the stability.

 

here and here this document explain how to upgrade the software on ASA

please do not forget to rate.

View solution in original post

Go to solution
Sheraz.Salim
VIP
VIP
In response to IQNetAdmin

‎04-05-2020 07:39 AM

In order to download the software you need a service contract with cisco. unless you ask your cisco local representative. which seem like you do not have a contract with cisco.

please do not forget to rate.

View solution in original post

14 Replies 14

Go to solution
Sheraz.Salim
VIP
VIP

‎04-05-2020 12:42 AM

is this a new deployment? was it working fine and all of sudden you having issue with this ASA. seem you are hitting a bug. consider upgrade to 9.8.4.x

please do not forget to rate.

Go to solution
Pulkit Saxena
Cisco Employee
Cisco Employee

‎04-05-2020 02:34 AM

Hi,

9.6.4 has some known issues, so it will be better to run an interim/latest Cisco suggested release in the same train.
However going by the "crashinfo", it seems you are hitting :
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi16029
We are seeing an increase in number for this issue with increase in remote work users.
For official check, to perform an upgrade if needed, you can open a TAC case.

-
Pulkit
0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to Pulkit Saxena

‎04-05-2020 04:29 AM

@Pulkit Saxena the crash file showing Thread DATAPATH-1-1573 and the bug you mentioned is webvpn.are they not two different issues?

please do not forget to rate.
0 Helpful

Go to solution
Pulkit Saxena
Cisco Employee
Cisco Employee
In response to Sheraz.Salim

‎04-05-2020 06:00 AM

There is another one in the thread :
Thread Name: Unicorn Proxy Thread
Page fault: Address not mapped
This is points to WebVPN, and in addition i have decoded the traceback which points to the caveat which i have provided.
However as I mentioned, code recommendation or confirmation should come from TAC and not on community discussion.

-
Pulkit
0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to Pulkit Saxena

‎04-05-2020 06:32 AM

@Pulkit Saxena with all due respect in regards to TAC confirmation on software its depends some end user does not have a support contract etc and they why they come to cisco community seeking advise. i think you last comment was not appropriate.

please do not forget to rate.

Go to solution
IQNetAdmin
Level 1
Level 1
In response to Sheraz.Salim

‎04-05-2020 07:12 AM

This is not a new instance.  We've been running into this issue for awhile now.  It would crash every couple of months.  It's now crashed 4 times in the last 3 days.

 

@Sheraz.Salim is correct.  This is an ASAv that is licensed through the AWS Marketplace so we have no access to TAC support besides the community.  See https://aws.amazon.com/marketplace/pp/B00WH2LGM0#pdp-support that describes our support options.

 

Thinking back on history.... I believe this issue started happening after we enabled the WebVPN, but I can't say that for 100% but if we are hitting the bug that you pointed out, that would make sense.  

 

I am running into the issue from this post as well about trying to get updates.  Any suggestions on how to get access to an update?

https://community.cisco.com/t5/network-security/asa-aws-unable-to-access-software-updates/td-p/3859953

 

 

0 Helpful

Go to solution
Pulkit Saxena
Cisco Employee
Cisco Employee
In response to IQNetAdmin

‎04-05-2020 07:21 AM

As i said in one of my earlier posts, this issue is seen a lot recently with increase in number of remote users per device.
In case you have the privilege to perform an upgrade, please go for it, as it will definitely help in not just this issue but many more caveats which are there on base 9.6.4.
You can check cisco ASA release notes for all the bug fixes available in this train's recent release.
https://www.cisco.com/web/software/280775065/141317/ASA-964-Interim-Release-Notes.html

-
Pulkit
0 Helpful

Go to solution
jimholla
Cisco Employee
Cisco Employee
In response to Pulkit Saxena

‎04-05-2020 07:28 AM

If you can upgrade, for maximum performance please consider 1)uprading to version 9.13.1 and 2)running on a c5 instance. The c5 performance is way better than the c3, c4, and m4.

Go to solution
IQNetAdmin
Level 1
Level 1
In response to Pulkit Saxena

‎04-05-2020 07:29 AM

@Pulkit Saxena I would LOVE to upgrade to a more recent version.... but as I said... I'm running into the same issue this poster had. https://community.cisco.com/t5/network-security/asa-aws-unable-to-access-software-updates/td-p/3859953

 

As I said as well... since this is an AWS ASAv subscription through the AWS Marketplace, the only support is through the community.   

 

If somebody can point to the correct way to upgrade... I'm all for it.  

 

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to IQNetAdmin

‎04-05-2020 07:29 AM - edited ‎04-05-2020 07:33 AM

I strongly suggest of upgrade 9.8.4. its a gold start release and we already using in production we have not seen any issue in regards to anyconnect.

here is the link https://software.cisco.com/download/home/286119613/type/280775065/release/9.8.4%20Interim

 

unless @Pulkit Saxena disagree with this. we are all here to help each other. I have a great respect for Pulkit and for TAC.

 

hope your issue will resolve and you get the stability.

 

here and here this document explain how to upgrade the software on ASA

please do not forget to rate.

Go to solution
IQNetAdmin
Level 1
Level 1
In response to Sheraz.Salim

‎04-05-2020 07:34 AM

When I try to download the suggested release... I get the following:

 

Service Contract Required

 
To Download this software, you must have a valid service contract associated to your Cisco.com profile.
If you do not have a service contract you can get one through:
  • Your Cisco Account Team if you have a direct purchase agreement with Cisco
  • Your Cisco Partner or Reseller
Once you have the service contract you must associate your service contract to your Cisco.com user ID with Profile Manager
 
 
How can I download?
0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to IQNetAdmin

‎04-05-2020 07:39 AM

In order to download the software you need a service contract with cisco. unless you ask your cisco local representative. which seem like you do not have a contract with cisco.

please do not forget to rate.

Go to solution
Pulkit Saxena
Cisco Employee
Cisco Employee
In response to Sheraz.Salim

‎04-05-2020 07:16 AM

@sheraz, So there is a certain level of accountability needed with every answer which we indeed posses. However for certain organisations/companies, upgrade or bug confirmation always comes from TAC.
That is why even though I did provide the answer, still informed the requester to check with TAC if required as per their organisation norms.

I consider this appropriate to let them take the call as needed with complete information provided from our side.

-
Pulkit
0 Helpful

Go to solution
Vin Daniell
Level 1
Level 1
In response to Pulkit Saxena

‎05-25-2021 07:43 AM

This is not solved. I have the same issue and I am on the latest code from AWS. 9.15(1)15. I have rebuilt in AWS many times to no avail.

 

There is obviously an issue with ASAv in AWS that is not resolved. Cisco needs to quit defaulting to telling people to upgrade to fix the issue. I am a partner and have a very unhappy client and cannot get support because this is in AWS. This is a bad situation all around and reflects badly on Cisco.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card