Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
495
Views
5
Helpful
5
Replies

ASA CLOSE_WAIT for ASDM Solution not working

Go to solution
AminK
Level 1
Level 1

ā€Ž12-10-2024 12:17 AM

Hi 

I have two ASA 5545 in a cluster. the software version is 9.14(2)15. I can't access my firewall with ASDM due to having maximum http sessions. When I run #debug menu npshim -w, I see 5 https connections with CLOSE_WAIT state. There is no session in #show asdm session. so I can't disconnect them there.

Now according to this guide:https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-asdm/222646-troubleshoot-asdm-launch-problems.html

there is a workaround for this bug that says run #debug menu pdm 3, but my problem is this command is not available in my ASA cli. Other workaround is to reload the appliance but I can't do that because it is a crucial part of my production network.

I highly appreciate any help.

Thanks. 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
AminK
Level 1
Level 1
In response to MHM Cisco World

ā€Ž12-11-2024 07:37 AM

These options do not work either. Sessions was stuck in close_wait state and nothing worked. So I reloaded the device in maintenance window. I think there is only these two options. Either (#debug menu pdm 3) works for you, or you have to reload ASA to access ASDM again. I applied your suggestions to hopefully avoid this problem in future.

Thank you for your help.

View solution in original post

5 Replies 5

Go to solution
MHM Cisco World
VIP
VIP

ā€Ž12-10-2024 12:29 AM

I think tcp keepalive is solved your issue.

MHM

Go to solution
AminK
Level 1
Level 1
In response to MHM Cisco World

ā€Ž12-10-2024 01:46 AM

Can you explain more please? if you mean #http server idle-timout and #http server session-timeout, I already configured those at 1 minute but still no luck. If you mean #timeout tcp or half-closed, I think default values are far less than my problem duration. I have this problem for 2 days now.

Go to solution
MHM Cisco World
VIP
VIP
In response to AminK

ā€Ž12-10-2024 10:22 PM

sorry I check, in IOS we use service tcp keepalive in ASA there is no such as this option.

anyway 

ciscoasa(config)# http server idle-timeout 10 <<- this only work for idle session, if session is not idle this command not work
ciscoasa(config)# http server session-timeout 120 <<- this terminate the session after specific time you can config timeout as you want.

Go to solution
AminK
Level 1
Level 1
In response to MHM Cisco World

ā€Ž12-11-2024 07:37 AM

These options do not work either. Sessions was stuck in close_wait state and nothing worked. So I reloaded the device in maintenance window. I think there is only these two options. Either (#debug menu pdm 3) works for you, or you have to reload ASA to access ASDM again. I applied your suggestions to hopefully avoid this problem in future.

Thank you for your help.

Go to solution
MHM Cisco World
VIP
VIP
In response to AminK

ā€Ž12-11-2024 08:42 AM

you are so welcome 

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card