Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1073
Views
0
Helpful
1
Replies

ASA - Flow denied due to resource limitation

Cisco Freak
Level 4
Level 4

‎07-12-2016 04:14 PM - edited ‎03-12-2019 01:01 AM

Hi Experts,

I was practicing IPSEC tunneling in an ASA in GNS3. All config is set, but I am not able to ping each other from each sites.

I see packet drops counter increasing in ASP counter whenever I ping from routers.

ASA-2# sh asp drop

Frame drop:
Flow is denied by configured rule (acl-drop) 10
Flow denied due to resource limitation (unable-to-create-flow) 17
FP L2 rule drop (l2_acl) 40
Interface is down (interface-down) 2

ASA-2# sh resource usage
Resource Current Peak Limit Denied Context
Conns 4 10 4001000 0 System
Hosts 7 10 N/A 0 System
ASA-2#

ASA-2# sh vpn-sessiondb l2l

Session Type: LAN-to-LAN

Connection : 12.1.1.2
Index : 1 IP Addr : 12.1.1.2
Protocol : IKEv1 IPsec
Encryption : AES256 Hashing : SHA1
Bytes Tx : 1700 Bytes Rx : 1700
Login Time : 23:06:38 UTC Tue Jul 12 2016
Duration : 0h:06m:47s
ASA-2#

Can anyone please guide me why the packets are being dropped?

CF

Labels:
0 Helpful
1 Reply 1

johnlloyd_13
Level 9
Level 9

‎07-12-2016 07:21 PM

hi,

could you post a brief topology, show run and show crypto isakmp sa from both ASAs?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card