Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
947
Views
0
Helpful
3
Replies

PIX - Memory allocation Error

aasson
Level 1
Level 1

‎02-19-2004 09:45 AM - edited ‎02-20-2020 11:15 PM

On our network we have two PIX-520 in failover configuration.

Today, for the first time in five years, the active PIX started

generating thousands (almost a million in 15min) of messages:

%PIX-3-211001: Memory allocation Error

The failover PIX didn't switch to active, so the traffic

stopped flowing through the firewall.

A power down/up of the active PIX resolved the problem.

Is it a symptom of an hardware memory failure or an

effect of some hacker attack ??

Has anybody recently experienced a similar problem ?

Thank you,

Alessandro Asson

___________________________________________________________________

CINECA - Via Magnanelli, 6/3 I-40033 Casalecchio di Reno (BO) Italy

e-mail: a.asson@cineca.it tel +39 051 6171411 fax: +39 051 6132198

0 Helpful
3 Replies 3

nkhawaja
Cisco Employee
Cisco Employee

‎02-19-2004 01:37 PM

Hi,

Cant say whether it is an attack or a hardware issue at the moment. You need to provide the following

show conn count

show xlat count

show version

Thanks

Nadeem

0 Helpful

aasson
Level 1
Level 1
In response to nkhawaja

‎02-20-2004 02:34 AM

HI,

here is the show xx commands output, taken now, not when the problem was present.. (at that time the pix

was not accessible)

Thank you,

Alessandro Asson

---

pixfirewall# sh conn count

3599 in use, 9146 most used

---

pixfirewall# sh xlat count

2793 in use, 2794 most used

---

pixfirewall# sh ver

Cisco PIX Firewall Version 6.3(1)

Cisco PIX Device Manager Version 2.1(1)

Compiled on Wed 19-Mar-03 11:49 by morlee

pixfirewall up 30 days 17 hours

Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 350 MHz

Flash i28F640J5 @ 0x300, 16MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 00d0.b785.4722, irq 11

1: ethernet1: address is 00d0.b785.4649, irq 10

2: ethernet2: address is 00e0.b601.090e, irq 15

3: ethernet3: address is 00e0.b601.090d, irq 9

4: ethernet4: address is 00e0.b601.090c, irq 11

5: ethernet5: address is 00e0.b601.090b, irq 10

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

Serial Number: 18030673 (0x1132051)

Running Activation Key: 0xe21920a6 0xeac8139b 0x4b3172af 0xb9e4be7c

Configuration last modified by enable_15 at 11:26:10.538 MET Fri Feb 20 2004

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to aasson

‎02-20-2004 12:16 PM

this output seems to be normal. we would needed the same output at the time of the problem.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card