Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
2
Replies

Cisco ASA 5510 high CPU killing box

Go to solution
Martijn de Loos
Level 1
Level 1

‎12-09-2015 09:01 AM - edited ‎03-12-2019 12:01 AM

Hello,

We have 2 Cisco ASA 5510's running on ASA version 8.3.1 and with 1024MB RAM. They are setup in an Active/Standby failover.

There seems to be an issue with our secondary ASA. It has occurred alot of times already that whenever the Secondary ASA becomes the active firewall, its CPU spikes to 90 - 100% and remains steady on that value. If I open the ASDM graphs I see a steady horizontal line at 240MB of RAM so it is not running out of memory. Our entire rack of servers becomes unavailable and I can barely troubleshoot what is going on. This only happens on the Secondary ASA. I have never seen it happen on the Primary one. Whenever this happens I can see there are only around a 100 connections per second, while the ASA 5510 should be able to handle 9000 connections per second at max. I don't understand why this, and only this box, has so many CPU issues.

I am unable to perform a "show process cpu-usage" command, because every key stroke or every mouseclick takes about a minute to get through. All I do is issue a failover command so the Primary ASA becomes the Active one again and the CPU usage immediately drops to 15 - 20% and all is well again.

Any hint in the right direction to solve this mystery would be very much appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-10-2015 07:41 PM

8.(3)1 is not a recommended release. It was a major OS redesign and more like a 9.0.0 in actuality.

It has a ton of bugs and known vulnerabilities.

I'd upgrade to 9.1(6)10 - the latest release for the older hardware - and start looking at it from that basis.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-10-2015 07:41 PM

8.(3)1 is not a recommended release. It was a major OS redesign and more like a 9.0.0 in actuality.

It has a ton of bugs and known vulnerabilities.

I'd upgrade to 9.1(6)10 - the latest release for the older hardware - and start looking at it from that basis.

0 Helpful

Go to solution
Martijn de Loos
Level 1
Level 1
In response to Marvin Rhoads

‎12-11-2015 01:08 AM

Thank you Marvin. We will schedule a maintenance window for upgrade.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card