Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1366
Views
0
Helpful
7
Replies

How to restart PRSM on ASACX without reloading CX

vince.steiner
Level 1
Level 1

‎06-13-2013 10:05 AM - edited ‎03-11-2019 06:57 PM

Is there a way i can reset PRSM on ASA CX without reloading the entire module and shutting down the traffic for up to 10 min?

the PRSM is suer slow and non responsive, the actual CX module seems to work ok.

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Luis Silva Benavides
Cisco Employee
Cisco Employee

‎06-21-2013 02:40 PM 

Hi Greg,

If you run this command on the CLI of the CX:

configure cert-reset

It should re-generate CX admin self-signed cert and restart PRSM services.

So far I haven't found other workaround.


Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful

Juan Carlos Arias Perez
Level 4
Level 4

‎07-18-2013 09:41 AM

How did you solved this issue??

0 Helpful

vince.steiner
Level 1
Level 1
In response to Juan Carlos Arias Perez

‎07-18-2013 09:44 AM

Actually i have a case opened with Cisco.

our CX module keeps crashng onece a week, i will update you

0 Helpful

Juan Carlos Arias Perez
Level 4
Level 4
In response to vince.steiner

‎07-18-2013 09:46 AM

Ok thanks for your upgrade, I'm on same situation as yours.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to Juan Carlos Arias Perez

‎07-21-2013 03:23 AM

Is this the ssd module or the cx blade on the 5585 that you are experiencing issues with? Also do you have a bug id handy?

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to Tarik Admani

‎07-31-2013 10:16 AM

I had a tac engineer look at this issue, and the fix is to upgrade to 9.1.2(42), details of the bug can be found here:

https://tools.cisco.com/bugsearch/bug/CSCug42259

Thanks

Tarik Admani
*Please rate helpful posts*

0 Helpful

rreadling
Level 1
Level 1
In response to Tarik Admani

‎11-15-2013 08:23 AM

Check your throughput.  We're field testing a CX module at the latest version of code.  We found that at well below the limitation of the 1GB interface the memory locks up and starts dropping packets.  At that point, all we could do was power cycle the CX module and until then, it would be an outage.

We were able to license the 10GB port for the demo and memory still runs very high, but we aren't experiencing full traffic stops due to packet loss anymore. 

We believe that the CX module has a problem with disregarding old sessions that should be closed, thereby creating it's own denial-of-service attack on itself at lower throughput.  It just starts dropping all traffic.  Still not sure why the memory allocation goes so high and never lets go.  The firewall is usually the bottleneck in the network but the ASA itself is performing to specification.  It's just once we punt traffic up to the module for inspection that we lose the device.

At this point, we've been asked to downgrade to an earlier code version to continue field testing.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card