
ASA5512 - Not responding after a period of time

derict
Level 1

Hi All,

Has anyone faced a problem with their ASA5512 showing the following behaviour?

The firewall hangs after a period of time, like 15 days and above, and requires a reboot. All interfaces are still pingable from outside, inside and DMZ. However, site-to-site VPN and other functionality are not working. The firewall is not accessible from ASDM or SSH, but the console is working.

-FW# sh ver

Cisco Adaptive Security Appliance Software Version 9.1(2)
Device Manager Version 7.1(3)

Compiled on Thu 09-May-13 16:20 PDT by builders
System image file is "disk0:/asa912-smp-k8.bin"
Config file at boot was "startup-config"

FW up 1 day 5 hours

Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
            ASA: 2048 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 4096MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-PLUS-T020
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0024
                             Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4

0: Int: Internal-Data0/0    : address is b0fa.eb97.39ea, irq 11
1: Ext: GigabitEthernet0/0  : address is b0fa.eb97.39ee, irq 10
2: Ext: GigabitEthernet0/1  : address is b0fa.eb97.39eb, irq 10
3: Ext: GigabitEthernet0/2  : address is b0fa.eb97.39ef, irq 5
4: Ext: GigabitEthernet0/3  : address is b0fa.eb97.39ec, irq 5
5: Ext: GigabitEthernet0/4  : address is b0fa.eb97.39f0, irq 10
6: Ext: GigabitEthernet0/5  : address is b0fa.eb97.39ed, irq 10
7: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
9: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
10: Ext: Management0/0       : address is b0fa.eb97.39ea, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 50             perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Disabled       perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 0              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 250            perpetual
Total VPN Peers                   : 250            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has a Base license.

Serial Number: XXXXXXXXX
Running Permanent Activation Key: 0xf527cd6f 0x9438f324 0x0d813108 0xc5a07c10 0x8a19c495
Configuration register is 0x1
Configuration has not been modified since last system restart.

FW#

I've just tried removing the preconfigured xlate config for testing purposes and will continue to monitor.


Julio Carvajal
VIP Alumni

Hello Derict,

For this kind of issue, which requires grabbing several outputs at the time of the issue, I would recommend opening a TAC case. If that is not an option, go for the following output commands when the issue happens and post them here:

-show memory

-show cpu usage

-clear interface

-show interface | include errors

5 minutes later

-show interface | include errors

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

I only have the outputs prior to rebooting the firewall as per below;

------------------ show memory ------------------

Free memory:        1543018512 bytes (72%)
Used memory:         604465136 bytes (28%)
-------------     ------------------
Total memory:       2147483648 bytes (100%)


------------------ show cpu usage ------------------

CPU utilization for 5 seconds = 1%; 1 minute: 1%; 5 minutes: 1%

------------------ show interface ------------------

Interface GigabitEthernet0/0 "outside", is up, line protocol is up
  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address b0fa.eb97.39ee, MTU 1500
IP address 203.106.220.178, subnet mask 255.255.255.248
29690333 packets input, 5345029381 bytes, 1095562688 no buffer
Received 36078 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
45379500 packets output, 17904678063 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (3/0)
output queue (blocks free curr/low): hardware (456/438)
  Traffic Statistics for "outside":
29690333 packets input, 4808533022 bytes
45379500 packets output, 17086360858 bytes
31514 packets dropped
      1 minute input rate 1 pkts/sec,  94 bytes/sec
      1 minute output rate 1 pkts/sec,  66 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  84 bytes/sec
      5 minute output rate 0 pkts/sec,  49 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Control Point Interface States:
Interface number is 3
Interface config status is active
Interface state is active
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address b0fa.eb97.39eb, MTU 1500
IP address 10.10.100.10, subnet mask 255.255.255.192
725602 packets input, 179205020 bytes, 103099458 no buffer
Received 398960 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
334245 packets output, 87710880 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 206 collisions, 1 interface resets
737 late collisions, 1897 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (462/91)
output queue (blocks free curr/low): hardware (496/446)
  Traffic Statistics for "inside":
725602 packets input, 165974237 bytes
334982 packets output, 82206259 bytes
370611 packets dropped
      1 minute input rate 0 pkts/sec,  58 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  49 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Control Point Interface States:
Interface number is 4
Interface config status is active
Interface state is active
Interface GigabitEthernet0/2 "dmz", is up, line protocol is up
  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address b0fa.eb97.39ef, MTU 1500
IP address 30.30.30.29, subnet mask 255.255.255.252
41935416 packets input, 15056251264 bytes, 2540621364 no buffer
Received 3 broadcasts, 0 runts, 0 giants
15343 input errors, 0 CRC, 0 frame, 15343 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
28969597 packets output, 3437060437 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
1 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (448/0)
output queue (blocks free curr/low): hardware (449/444)
  Traffic Statistics for "dmz":
41935343 packets input, 14222685374 bytes
28969597 packets output, 2873020428 bytes
568855 packets dropped
      1 minute input rate 19 pkts/sec,  4318 bytes/sec
      1 minute output rate 0 pkts/sec,  2 bytes/sec
      1 minute drop rate, 19 pkts/sec
      5 minute input rate 17 pkts/sec,  3884 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 17 pkts/sec
  Control Point Interface States:
Interface number is 5
Interface config status is active
Interface state is active
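
The capture, wait, recapture procedure suggested in the reply can be reduced to a counter diff over `show interface` output in the format posted above. The following Python is an added example, not part of the thread or of any Cisco tool; the function names and both sample captures are constructed for illustration.

```python
import re
# Counter names as they appear after each number in ASA "show interface" output.
WATCHED = {"no buffer", "input errors", "CRC", "overrun", "output errors",
           "collisions", "late collisions", "deferred", "underruns"}
IFACE_RE = re.compile(r'^Interface \S+ "([^"]+)"')
PAIR_RE = re.compile(r'(\d+) ([A-Za-z][A-Za-z0-9 ]*?)(?=,|$)')

def parse_show_interface(text):
    """Map each interface name (nameif) to its watched counters."""
    stats, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = IFACE_RE.match(line)
        if header:
            current = stats.setdefault(header.group(1), {})
        elif current is not None:
            for value, name in PAIR_RE.findall(line):
                if name in WATCHED:
                    current[name] = int(value)
    return stats

def rising_counters(before, after):
    """List (nameif, counter, delta) for counters that grew between captures."""
    rising = []
    for nameif, counters in after.items():
        for name, value in counters.items():
            delta = value - before.get(nameif, {}).get(name, 0)
            if delta > 0:
                rising.append((nameif, name, delta))
    return sorted(rising)

# Constructed captures (not from the thread): SNAP_2 is taken 5 minutes after SNAP_1.
SNAP_1 = """Interface GigabitEthernet0/1 "inside", is up, line protocol is up
  0 output errors, 2 collisions, 0 interface resets
  1 late collisions, 3 deferred
Interface GigabitEthernet0/2 "dmz", is up, line protocol is up
  500 packets input, 64000 bytes, 10 no buffer
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort"""
SNAP_2 = """Interface GigabitEthernet0/1 "inside", is up, line protocol is up
  0 output errors, 9 collisions, 0 interface resets
  6 late collisions, 3 deferred
Interface GigabitEthernet0/2 "dmz", is up, line protocol is up
  9100 packets input, 1200000 bytes, 4210 no buffer
  37 input errors, 0 CRC, 0 frame, 37 overrun, 0 ignored, 0 abort"""

if __name__ == "__main__":
    before, after = parse_show_interface(SNAP_1), parse_show_interface(SNAP_2)
    for nameif, counter, delta in rising_counters(before, after):
        print(f"{nameif}: {counter} +{delta}")
```

Counters that keep rising across the interval point at the interface to investigate first; counters that are large but static since the last clear are historical.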

      
