Showing results for 
Search instead for 
Did you mean: 

How to restart PRSM on ASACX without reloading CX

Level 1
Level 1

Is there a way i can reset PRSM on ASA CX without reloading the entire module and shutting down the traffic for up to 10 min?

the PRSM is suer slow and non responsive, the actual CX module seems to work ok.

7 Replies 7

Luis Silva Benavides
Cisco Employee
Cisco Employee
Hi Greg,

If you run this command on the CLI of the CX:

configure cert-reset

It should re-generate CX admin self-signed cert and restart PRSM services.

So far I haven't found other workaround.

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

Luis Silva

How did you solved this issue??

Actually i have a case opened with Cisco.

our CX module keeps crashng onece a week, i will update you

Ok thanks for your upgrade, I'm on same situation as yours.

Is this the ssd module or the cx blade on the 5585 that you are experiencing issues with? Also do you have a bug id handy?


Tarik Admani
*Please rate helpful posts*

I had a tac engineer look at this issue, and the fix is to upgrade to 9.1.2(42), details of the bug can be found here:


Tarik Admani
*Please rate helpful posts*

Check your throughput.  We're field testing a CX module at the latest version of code.  We found that at well below the limitation of the 1GB interface the memory locks up and starts dropping packets.  At that point, all we could do was power cycle the CX module and until then, it would be an outage.

We were able to license the 10GB port for the demo and memory still runs very high, but we aren't experiencing full traffic stops due to packet loss anymore. 

We believe that the CX module has a problem with disregarding old sessions that should be closed, thereby creating it's own denial-of-service attack on itself at lower throughput.  It just starts dropping all traffic.  Still not sure why the memory allocation goes so high and never lets go.  The firewall is usually the bottleneck in the network but the ASA itself is performing to specification.  It's just once we punt traffic up to the module for inspection that we lose the device.

At this point, we've been asked to downgrade to an earlier code version to continue field testing.

Review Cisco Networking for a $25 gift card