Solved: Cisco ASA 9.13(1)on Firepower 1140 VPN connections starts failing

ev4ld · ‎11-04-2024

hi all,

I',m using Firepower 1140 for annyconnect VPN connections to our office. We are not a big office, never more than 20 connections at the same time. Everything works fine for 2 to 3 weeks, and then after that connections start failing until reload.

I started monitoring appllience with libreNMS, CPU load is never above 20%, total memory is always below 30%. ASDM also doesn't show any problems with overload.

However MEMPOOL_GLOBAL_SHARED went from 55% to 96% in about 12 hours after reboot, and MEMPOOL_DMA went from 48 to 52 at the same time. At the time when connections started failing both values were at 100%, but total values for memory and CPU were low. I assume MEMPOOL values is somehow related to my problem.

Does anybody have an advice here how to troubleshoot it? what kind of logs could help?

Aref Alsouqi · ‎11-05-2024

I would try to upgrade to the latest code which I believe it is 9.14.4.

View solution in original post

marce1000 · ‎11-05-2024

- Here are a number of bugs which could possibly be related :
https://bst.cloudapps.cisco.com/bugsearch?pf=prdNm&prdNam=Cisco%20Firepower%201140%20Security%20Appliance&kw=MEMPOOL_GLOBAL_SHARED&bt=custV&sb=anfr

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Aref Alsouqi · ‎11-05-2024

I would try to upgrade to the latest code which I believe it is 9.14.4.

ev4ld · ‎12-10-2024

I have upgraded recently to the newest ASA, so far no problems..

Aref Alsouqi · ‎12-11-2024

Good to hear and I'm glad that the upgrade helped.