cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2284
Views
10
Helpful
3
Replies

System is low on free memory blocks of size 2048 (0 CNT out of 1200 MAX)

ionut.lumina
Level 1
Level 1

Hello, i was wondering if i could get some help,  i have an ASA 5505, that keeps crashing every 4 to 5 days.  Everytime is happens its due to a depleted memory block.

 

The error is:  System is low on free memory blocks of size 2048 (0 CNT out of 1200 MAX).

 

Can anyone point me in the right direction on what could be causing this.

 

I'm running ASA 9.0.1(1)

 

Any help would be really appricated!

P.S. this is not related to any bug about vpn ssl.

3 Replies 3

Pulkit Saxena
Cisco Employee
Cisco Employee

Hi,

ASA is getting crash because of memory block depletion which is always cosmetic. Else, the block should be freed after its use.

2048 block is used for control updates.

You can either upgrade to a newer version and see if the issue persists or you can open up a TAC case where they will be taking some additional outputs and will also look into the crash file to further debug the issue.

However, they can even ask for a proactive upgrade as 9.0.x is EOL.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-C51-735387.html

Hope this helps,

Pulkit

What kind of updates are you referring at (you said about "control updates")?

I was referring to the output of "show blocks" as per command reference.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s4.html#pgfId-1743245

However, to be more precise, block size 2048 is an add on to block size 1550 for general packet processing and traffic sent to SSM module. In case of ASA 5505, block size 2048 is used for general packet processing for all sorts of traffic.

So in that case either you are receiving a bulk of traffic continuously which ASA is unable to handle but that should free up the block later, however in your case the ASA crashes which makes me think it is a proper block depletion case and thus cosmetic.

Still if you want you can calculate the throughput of your ASA using the below mentioned link :

https://supportforums.cisco.com/document/13122441/throughput-calculation-cisco-asa

-

Pulkit

Review Cisco Networking for a $25 gift card