cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

When ASDM/SSH sessions are opened to the PIX 500 Series Firewall with software version 7.x, the CPU load increases, and the user receives the %PIX-7-701001: alloc_user() out of Tcp_user objects error message

843
Views
0
Helpful
0
Comments

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsc68126.

The PIX Firewall can run out of free TCP sockets and in certain circumstances, they are never freed. This is seen when logging mail is enabled and connections to the SMTP server can use all of the available TCP sockets.

The sockets are never freed, even after a couple of days. As a result, new SSH sessions to the PIX cannot be opened, and there is a high CPU load when the PIX is accessed through the Cisco Adaptive Security Device Manager (ASDM).

Resolution

In order to resolve this issue, follow these steps:

  • Disable logging mail.

  • Reload the device, which is the only way to free the sockets.
  • If  possible download and upgrade the software version to any one of these versions:

    • 7.1(1)

    • 7.0(5)

    • 7.1(0.171)

    • 7.0(4.5)  

Product Family

Firewall - PIX 500 series

ASDM Software Version

ASDM 5.x