07-07-2018 01:58 AM - edited 02-21-2020 07:57 AM
Over the last week we have been experiencing problems with our ASA 5512. The Firewall has gone down 3 times over the past week with no knowledge as to why. In an attempt to diagnose the problem I configured syslog (PRTG) and set up debugging. The device still remains up with traffic passing through it.
Today I received a notification from the syslog which may point to the root cause:
System is low on free memory blocks of size 256 (1 CNT out of 20000 MAX)
I can see from the messages delivered by PRTG
I can see memory utilisation is sitting at 50-54% constantly (Even after configuring Netflow and SNMPv3 recently) - Severity (Error)
CPU remains low at around 10-20% utilisation.
Not sure what the current CPU and memory utilisation is after debugging being turned on but I haven't received any triggers alerting me after a day of debug being switched on.
I am trying to get my head around what could be using the memory blocks of size 256. I can see from the below post the possible cause could be cosmetic. Not entirely sure what the responder meant by that.
The revisions we are currently running:
Cisco Adaptive Security Appliance Software Version 9.8(1)
Device Manager Version 7.8(1)
I understand that our software is outdated and this will be addressed next week as I understand it is vulnerable particularly to CVE-2018-0101. This may also address the problems.
Any suggestions as to what could be causing the issues of the memory block being depleted?
07-09-2018 05:13 AM
The ASA 9.8 release notes point to an open bug related to 256 block size depletion.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva80364
Bug notes indicate the root cause as excessive syslog logging. This might be one avenue to check. I would suggest opening a TAC case if the problem persists after upgrading to the latest 9.8 or 9.9 interim release.
07-09-2018 05:56 AM
Thanks. This would make sense. It was the syslog that would go down before the Firewall device ground to a halt completely, with no flow of traffic. I updated it on Saturday afternoon to the latest version and so far so good. Debugging has also been turned off with only errors now being collected. I'll keep an eye on this for sure.
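Added example, not part of the thread and not Cisco or PRTG code: a small Python check that scans collected syslog lines for the low-block message quoted in the first post and reports, per block size, how often it fired and how close the pool came to empty. The sample lines, hostname, timestamps and the 1% threshold are constructed assumptions; only the message text itself comes from the thread.

```python
import re

# Keys on the message text quoted in the thread; whatever header the
# collector prepends (timestamp, host, message ID) is ignored.
LOW_BLOCKS = re.compile(
    r"System is low on free memory blocks of size (\d+) "
    r"\((\d+) CNT out of (\d+) MAX\)"
)

def parse_low_block_events(lines):
    """Yield (block_size, free_count, max_count) for each low-block message."""
    for line in lines:
        m = LOW_BLOCKS.search(line)
        if m:
            yield tuple(int(g) for g in m.groups())

def summarize(lines, critical_ratio=0.01):
    """Per block size: event count, lowest free count seen, pool maximum,
    and whether free/max ever fell to critical_ratio or below."""
    summary = {}
    for size, free, maximum in parse_low_block_events(lines):
        entry = summary.setdefault(
            size,
            {"events": 0, "min_free": free, "max": maximum, "critical": False},
        )
        entry["events"] += 1
        entry["min_free"] = min(entry["min_free"], free)
        if maximum and free / maximum <= critical_ratio:
            entry["critical"] = True
    return summary

# Constructed sample input: headers and the non-matching line are invented,
# the second line carries the exact counts reported in the first post.
SAMPLE = [
    "Jul 07 2018 01:40:02 fw1 : System is low on free memory blocks of size 256 (1500 CNT out of 20000 MAX)",
    "Jul 07 2018 01:52:44 fw1 : System is low on free memory blocks of size 256 (1 CNT out of 20000 MAX)",
    "Jul 07 2018 01:52:45 fw1 : unrelated message (constructed)",
    "Jul 07 2018 01:53:00 fw1 : System is low on free memory blocks of size 1550 (900 CNT out of 6000 MAX)",
]

if __name__ == "__main__":
    for size, info in sorted(summarize(SAMPLE).items()):
        state = "CRITICAL" if info["critical"] else "low"
        print(f"size {size}: {info['events']} event(s), "
              f"min free {info['min_free']}/{info['max']} [{state}]")
```

Run against the collector's exported log, a block size that repeatedly reaches the critical state while logging volume is high is consistent with the logging-related depletion described in the accepted answer.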