10-13-2010 10:40 PM - edited 03-11-2019 11:54 AM
Hi Guys ,
ASA5520 configured A/A in context mode , running on 8.0(5) facing high memory utilization 100%.
can anyone suggest the issue and how to reduce high memory utilization .no debug enabled on firewall .there are multiple ACL/Objects configured on firewall .
LOGs-
Cisco Adaptive Security Appliance Software Version 8.0(5) <system>
Device Manager Version 6.2(5)
Compiled on Mon 02-Nov-09 21:22 by builders
System image file is "disk0:/asa805-k8.bin"
Config file at boot was "startup-config"
fw up 4 hours 30 mins
failover cluster up 2 years 56 days
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
------------------ show module ------------------
Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
0 ASA 5520 Adaptive Security Appliance ASA5520 JMX1
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAF10
------------------ show memory ------------------
Free memory: 422504 bytes ( 0%)
Used memory: 536448408 bytes (100%)
------------- ----------------
Total memory: 536870912 bytes (100%)
------------------ show memory dma ------------------
<--- More --->
DMA memory:
Unused memory: 22884448 bytes (29%)
Crypto reserved memory: 20471932 bytes (26%)
Crypto free: 19292168 bytes (24%)
Crypto used: 1179764 bytes ( 1%)
Block reserved memory: 35633472 bytes (45%)
Block free: 31818208 bytes (40%)
Block used: 3815264 bytes ( 5%)
Used memory: 251364 bytes ( 0%)
----------------------------- ----------------
Total memory: 79241216 bytes (100%)
------------------ show conn count ------------------
9780 in use, 18342 most used
------------------ show xlate count ------------------
216 in use, 1022 most used
==================
Thanx
10-14-2010 07:52 AM
firstly i think this can be better addressed if you open a TAC case simply bcoz of the complexity involved in troubleshooting this
though i can try to help you a little bit here
issue this command show local-host | include host|count/limit
and see if you have any host/server making more connections than expected
other than that try disbaling logging, snmp and threat detection and see if the memory goes down a little bit
if possible paste your config
10-14-2010 07:54 AM
You can decrease the logging buffer-size, you can also disable threat detection.
I hope it helps.
PK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide