cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1939
Views
0
Helpful
2
Replies

asp drop Punt no memory (punt-no-mem)

craig.petty
Beginner
Beginner

I am trying to ssh to the inside interface of a remote firewall through an IPSec tunnel, but it just times out.  I have an "ssh x.x.x.x x.x.x.x inside" rule to allow my connection, and I have "management-access inside" enabled.  I see in the log that the connection is built.

Built inbound TCP connection 5526788 for outside:10.0.37.96/65067 (10.0.37.96/65067) to inside:172.29.11.254/22 (172.29.11.254/22)

After more troubleshooting I found that the device is dropping the packet due to "Punt no memory" which I can see if I do an asp-drop capture.

16:06:26.490285 10.0.37.96.65067 > 172.29.11.254.22: S 1843499779:1843499779(0) win 8192 <mss 1340,nop,wscale 8,nop,nop,sackOK> Drop-reason: (punt-no-mem) Punt no memory

I also tried connecting to the inside int via https, and that produced the same results (i.e. punt-no-mem).

Looking at Cisco docs it seems this might indicate a memory shortage, but we have plenty of memory available.

FW# sh mem

Free memory:        1434398544 bytes (67%)

Used memory:         713085104 bytes (33%)

-------------     ------------------

Total memory:       2147483648 bytes (100%)

What else could cause this?  BTW, I can ssh to the outside interface just fine.

I have an ASA 5512-X running version 8.6(1)6

1 ACCEPTED SOLUTION

Accepted Solutions
2 REPLIES 2

Jennifer Halim
Cisco Employee
Cisco Employee

Thank you Jennifer.  I added "route-lookup" to my nat rule, and that fixed the issue.  I don't quite understand why that was necessary, but it did the trick.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: