Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2538
Views
0
Helpful
4
Replies

LU allocate connection failed on ASA5585

huang.jeff
Level 1
Level 1

‎06-07-2011 06:21 PM - edited ‎03-11-2019 01:43 PM

We saw this syslog on ASA5585 with version 8.4(1). I have two HA firewall pairs (contains 4 ASA5585, active/standby), and I saw this message on the standby ones.

Jun  7 07:36:26 10.99.96.32 last message repeated 4 times

Jun  7 07:36:26  10.99.96.32 :Jun 07 07:36:26 HKST: %ASA-ha-3-210005: LU allocate connection  failed

Jun  7 07:36:26 10.99.96.32 :Jun 07 07:36:26 HKST: %ASA-ha-3-210005:  LU allocate connection failed

Jun  7 07:36:26 10.99.96.32 last message  repeated 14 times

Jun  7 07:42:28 10.99.96.32 :Jun 07 07:42:28 HKST:  %ASA-ha-3-210005: LU allocate connection failed

Jun  7 07:42:28  10.99.96.32 last message repeated 10 times

Jun  7 07:42:28 10.99.96.32 :Jun  07 07:42:28 HKST: %ASA-ha-3-210005: LU allocate connection failed

I also found two bugs about this message, CSCsh80889 and CSCsb98925, and from the bug infomation, it should be fixed in previous version.

FW14A-Z5J04-96-31/sec/stby# show mem detail

Free memory:                     10936096992 bytes (85%)

Used memory:

Allocated memory in use:     552720160 bytes ( 4%)

Reserved memory:           1396084736 bytes  (11%)

-----------------------------   ----------------

Total  memory:                   12884901888 bytes (100%)

Least free memory:      10934684752 bytes (85%)

Most used memory:      1950217136 bytes (15%)

And it looked not like a hardware problem. Is this still a bug?

thanks

Jeff Huang

Labels:
0 Helpful
4 Replies 4

Kureli Sankar
Cisco Employee
Cisco Employee

‎06-07-2011 07:57 PM

CSCte80027 - but should be resolved in 8.4.1

With the new code, I'd suggest opening a TAC case.

-KS

0 Helpful

huang.jeff
Level 1
Level 1
In response to Kureli Sankar

‎06-07-2011 08:28 PM

Hi Sankar,

Thanks for your reply.

This message shows on both standby ASA5585, I think that it should not be a hardware issue and might be a bug. Do you have any recommend actions for troubleshoot before I open a TAC case, such as "debug fover fail".

Jeff

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to huang.jeff

‎06-08-2011 12:36 PM

Both standby ASAs? You have two failover pairs?

At this point it appears to be a new defect that we may not have seen. 

It may be cosmetic for all you know.

May be short lived conns by the time we get to replicate these to the standby they are torn down on the active unit.

It appears that the conns are unable to replicate from the active to the standby.

Is the unit low on memory? Debugs will be good but, depending on how much traffic the unit is pumping, it may be too much or spike the CPU.

Have the TAC engineer open a defect if needed and take it from there.

-Kureli

0 Helpful

huang.jeff
Level 1
Level 1
In response to huang.jeff

‎06-09-2011 02:07 AM

Yes, we had two failover pairs and this message appears in both standby ASAs.

Thanks for your reply and suggestions.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card