This issue is due to the presence of Cisco bug ID CSCsh13946.
In this issue, the modification of an access-list that has multiple entries and is tied to a NAT statement can cause the central processing unit (CPU) usage to be high for an extended period of time, which results in packet loss, triggers failover, and so forth.
This issue is typically seen when an access-list that references several object-groups exists in the configuration. When this access-list is edited in order to include more elements that reference additional object-groups, the number of access-list elements grows substantially. When this type of access-list is tied to a NAT statement and the ACL edits are made, the CPU can spike for a few minutes.
The workaround for this issue is to modify the access-lists applied to NAT statements so that the number of elements stays as low as possible.
Note: In order to minimizethe impact, make all of these changes during maintenance windows.
This issue is resolved in these PIX/ASA versions:
In order to completely resolve this issue, downgrade or upgrade to any of the suggested PIX/ASA software versions from Cisco Downloads.
In order to use Citrix, I followed the instruction in the URL: https://answers.uillinois.edu/illinois.engineering/page.php?id=81722. I selected '3_Tunnel All' when connecting the VPN. However, the connection failed, and I can no longer acce...
I recently purchased a Cisco ASA-SSM-AIP-20-K9 AIP Security Advanced Services Module from eBay and installed it into my Cisco ASA5540 firewall. It is shown properly, using the "show inv" command. I just need help in figuring out how to install...
Hi,We have a schedule ASA (HA) 5585-X up-gradation scheduled for next week end. Current ASA version is 9.1(6)10, & we are planing to upgrade to 9.8(4) 10 version.Please let me know, if i can directly upgrade to 9.8(4)10 version from current 9.1(6)10, ...
Hi, I have a problem deploying firepower 2140. I can't deploy FTD via firesight management center and show me an error "Deployment failed due to communication failure with device". when I checked in Device Manager panel, everything seems good. then I anal...