cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3628
Views
30
Helpful
34
Replies

Cisco ASA 5515-X hanged several times.(Urgent)

ibbulbul
Level 1
Level 1

I am using two Cisco Fire Power ASA 5515-X last two years. But suddenly from last 3 month one Firewall has been hanging automatically. Nothing does work then. After reboot manually it does work. but after sometime same issue occurred again. I use asa9-12-3-12-smp-k8.bin version for both firewall. I change to the default version. But same issue. For this reason my production is hampering. I can't understand what is the issue. No warranty for those firewall. So need your expert advise immediately for solving this issue.

Note: Alarm LED has ON when Firewall habged

Thank you.

34 Replies 34

show failover status <<- share this 

Brother waiting for your comments. It can be a Hardware issue?

Nop, if it hardware issue then it will effect one ASA not both. 
it misconfig. 
show failover status <<- check the failover status is it UP or not, also check the IN and OUT interface is it monitored or unknown 

Check the failover logs.

show failover history <<- please share this

My first comment is that these devices are end of support and should be replaced, especially if this really is for the army as it seems to be indicated by the network diagram you posted.

When the issue occurs are there crashdump files created in the flash drive? show flash

Upgrading to a newer version would be my first suggestion, but since these devices are end of support I am not sure where you can get the software images from.

Another thing you could try a file system check on disk0: command fsck disk0: if there are any issues with the disk this will find them and attempt to repair them.

A final and drastic action would be to format / delete everything from the device completely and then upload the software and configure it from scratch (make sure you have configuration backup before doing this).

The issue you are explaining sounds very much like a memory leak, though usually memory leaks result in a crash and reload.

--
Please remember to select a correct answer and rate helpful posts


Primary-FW/stby# fsck disk0:

ERROR: There are one or more sw-modules running on the system. Please shut down the sw-modules before attempting to run fsck on d isk0:

Primary-FW/stby#

Primary-FW/act# fsck disk0:

ERROR: There are one or more sw-modules running on the system. Please shut down the sw-modules before attempting to run fsck on disk0:

Primary-FW/act#

Primary-FW/act# sh module

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5515-X with SW, 6 GE Data, 1 GE Mgmt, AC ASA5515 FCH2050J627
ips Unknown N/A FCH2050J627
cxsc Unknown N/A FCH2050J627
sfr FirePOWER Services Software Module ASA5515 FCH2050J627

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 2c33.1151.b5d8 to 2c33.1151.b5df 3.0 2.1(9)8 9.12(3)12
ips 2c33.1151.b5d6 to 2c33.1151.b5d6 N/A N/A
cxsc 2c33.1151.b5d6 to 2c33.1151.b5d6 N/A N/A
sfr 2c33.1151.b5d6 to 2c33.1151.b5d6 N/A N/A 6.4.0-102

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
cxsc Unknown No Image Present Not Applicable
sfr ASA FirePOWER Up 6.4.0-102

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Unresponsive Not Applicable
cxsc Unresponsive Not Applicable
sfr Up Up

Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual

Are you using the FirePOWER module in the ASA?  If no, then shutdown the module and run the fsck command again.

--
Please remember to select a correct answer and rate helpful posts

Yes. I am using FirePower Module. and logs shared above.

You can check the below logs also.

Primary FW shows the SSD but Secondary Doesnt show the SSD. Is it can be a issue?

Primary FW:

Driver Error, invalid sensor query
Name: "Storage Device 1", DESCR: "Micron 128 GB SSD MLC, Model Number: C400-MTFDDAC128MAM"
PID: N/A , VID: N/A , SN: MXA180303X1

Secondary FW:

Driver Error, invalid sensor query
Name: "Storage Device 1", DESCR: "Model Number: Micron_M550_MTFDDAK128MAY"
PID: N/A , VID: N/A , SN: MXA1833002A

 

The Alarm LED is ON when it is hanged.

"A final and drastic action would be to format / delete everything from the device completely and then upload the software and configure it from scratch (make sure you have configuration backup before doing this)."

I did it. I formatted the flash fully and  then reinstalled again. But the issue again resume. Firewall hanged and Alarm LED is on.

If you have already performed a full format of the device and reinstalled the software and the issue is still present, it could indicate a hardware issue with the device. Some possible hardware issues could be:

  • Disk/storage failure: Check the storage device for any errors or faults and replace if necessary.

  • Memory issue: Check the memory usage on the device and if necessary, replace any faulty DIMMs.

  • Power supply issue: Check the power supply and replace if necessary.

  • Environmental issue: Check the temperature and humidity of the environment and make sure it's within the specified range.

If none of these hardware-related issues are found, you may want to consider contacting technical support or the manufacturer of the device for further assistance. They may be able to diagnose the issue and provide a solution.

Thank you bro for nice reply. I already perform all steps and problem is still exist.

Screenshot (277).png
I try lab your issue, 
just want to confirm what is the config of link connect between ASA FW and HSRP L3SW

Failover configured in between Firewall and HSRP configure in between L3 Switch. Do you need to see configuration?

Review Cisco Networking for a $25 gift card