Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1155
Views
0
Helpful
3
Replies

Cisco ASA5545 100% CPU Utilization and Rebooted, Ifc and Comm Failure

fabc1
Level 1
Level 1

‎08-15-2021 05:52 AM

Hi guys, need your advice on how to troubleshoot this issues.

 

We have Cisco Firewalls ASA5545-X HA cluster setup in our office network. The secondary box was hang this morning and we are unable to SSH or Ping to the firewall. There is a 100% CPU utilization alert prompted at the FMC. The secondary box was self-rebooted around afternoon before we managed to console into the box.

 

We noticed on FMC there's alert for both unit:

-secondary unit showed alert
Appliance Heartbeat: Appliance is not sending heartbeats.

 

-primary unit showed alert
CPU Usage: Using CPU01 100%

 

When we execute show failover state command, the outputs for primary unit is
-State: Primary Active
Last Failure Reason: Ifc Failure

-State: Secondary Standby Ready
Last Failure Reason: Comm Failure

 

Appreciate yall advice! Thanks!!

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2021 07:20 AM

Is your 5545 HA pair running ASA code with Firepower service module or FTD? What versions?

0 Helpful

fabc1
Level 1
Level 1
In response to Marvin Rhoads

‎08-15-2021 07:26 AM

Below is the details of my firewalls:-

Firewall 1

---------------[ FW-T2-01 ]---------------

Model                     : Cisco ASA5545-X Threat Defense (75) Version 6.2.0.1 (Build 59)

Rules update version      : 2021-08-11-001-vrt

VDB version               : 337

firepower up 56 mins 0 secs

failover cluster up 1 year 94 days

-----------------------------------------------------------------

 

Firewall 2

---------------[ FW-T2-02 ]---------------

Model                     : Cisco ASA5545-X Threat Defense (75) Version 6.2.0.1 (Build 59)

Rules update version      : 2021-08-11-001-vrt

VDB version               : 337

firepower up 1 year 94 days

failover cluster up 1 year 94 days

-----------------------------------------------------------------

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to fabc1

‎08-16-2021 01:58 AM

Determining the exact reason for the one box hanging after the fact may be difficult if not impossible. Sometimes they generate core dumps when they crash or hang up but not always., Even then, sometimes the core files don't give a clear indicator for the failure even when Cisco TAC analyzes them.

However there are numerous enhancements and bug fixes between your 6.2.0.1 and the current recommended 6.6.4. I would generally recommend starting with getting things up to the current recommended software release and then going from there to see if the problem reappears. Note your FMC (if you're using FMC) must also be at 6.6.4 or higher.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card