Core issue
This issue is related to a memory leak in PIX/ASA version 7.2(1).
During this issue, the block memory depletes. This is a transient message and the firewall should recover. (Primary) can also be listed as (Secondary) for the secondary unit.
Resolution
In order to isolate this issue, use the show blocks command.
The show blocks command helps to determine if the security appliance is overloaded. This command lists the pre-allocated system buffer utilization. A full memory condition is not a problem as long as traffic moves through the security appliance. Issue the show conn command in order to see if the traffic moves. If the traffic does not move and the memory is full, there can be a problem.
This information can also be viewed through the Simple Network Management Protocol (SNMP).
The information shown in a security context includes the system-wide information as well as context-specific information about the blocks in use and the high water mark for block usage.
Examples
This is a sample output from the show blocks command in single mode:
hostname#show blocks
SIZE MAX LOW CNT
4 1600 1598 1599
80 400 398 399
256 3600 3540 3542
1550 4716 3177 3184
16384 10 10 10
2048 1000 1000 1000
In order to resolve this issue, download and upgrade PIX/ASA to software version 7.2.2 (18) or later from Cisco Downloads. If issue still exists contact Cisco Technical Support.