11-23-2007 07:30 AM - edited 03-09-2019 07:28 PM
I upgraded my PIX from 7.2 to 8.0 and have seen a drastic increase in memory usage. I have 128MB installed. On 7.2 I was seeing less than 50% utilization (51MB), and in 8.0 I am seeing near 90% utilization (114). I do have one IPSec site-to-site tunnel. My buffered logging is all disabled. What should I be looking for?
11-26-2007 02:48 AM
try "sh processes memory" and search on cisco for weird looking processes.
i played around with the thread detection which alone consumed about 41 mbyte.
ciscoasa(config)# no threat-detection ?
configure mode commands/options:
basic-threat Keyword to enable basic threat detection
rate Keyword to modify rate parameters for threat detection
scanning-threat Keyword to enable scanning threat detection
statistics Keyword to configure statistics of threat detection
11-26-2007 03:24 AM
we had the same with the processor on an ASA. We performed an upgrade from 8.02 to 8.03 and the problem was solved.
So, maybe upgrading to this version will solve your problem too.
Good luck.
J
11-26-2007 05:56 AM
just checked it on a test asa (5505).
same config, basic nat firewall, nothing special:
256 mb ram
7.2.3: 24% mem util
8.0.3: 47% mem util
ciscoasa# sh version
Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
Compiled on Wed 15-Aug-07 16:08 by builders
System image file is "disk0:/asa723-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 hour 31 mins
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash LHF00L47 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001c.58c1.c9ba, irq 11
...
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# sh mem
Free memory: 203074512 bytes (76%)
Used memory: 65360944 bytes (24%)
------------- ----------------
Total memory: 268435456 bytes (100%)
---
ciscoasa# sh version
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.0(3)
Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 mins 31 secs
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash LHF00L47 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001c.58c1.c9ba, irq 11
...
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
This platform has a Base license.
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# sh mem
Free memory: 142038976 bytes (53%)
Used memory: 126396480 bytes (47%)
------------- ----------------
Total memory: 268435456 bytes (100%)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide