About Micccc4

Micccc4 · 01-16-2023

Hi Everyone, For not so long time ago we have deployed FTD 1010 (software v. 7.0.1) and pretty short after deployment it started to generate 'High Memory Usage' critical alerts. Configuration of that FP is minimalist and CPU is daround 4% -5% all the...

Micccc4 · 11-23-2022

Hi Everyone, we have an IPSEC tunnel between FP2110 and ASA firewall. Tunnel is stable and operational but every hour, at the same time, peers (firewalls) at both ends send TCP RST packet to the endpoints at their side that are having active sessio...

Micccc4 · 06-02-2022

Hi Everyone, It's the first time I have got into this issue and wonder if any of you have ever experienced the same and maybe have an explanation. We have an ASA firewall that has to be SSH accessible for Cisco Prime on outside interface. SSH access ...

Micccc4 · 03-07-2022

Hi Everyone,We are struggling with setting up a stable IPSEC tunnel between FWs mentioned in the subject. Tunnel itself is up all the time, allowing bidirectional communication to start with, but then, in random times, stops passing traffic while the...

Micccc4 · 11-12-2021

Hi Everyone, On the FTD 2110 running the newest recommended software (6.6.5-81) we have to interfaces on the inside (internal + dmz) and outside one. In dmz there is a service that is exposed to the internet (NAT to the public IP that is with the sam...

Micccc4 · 01-18-2023

For your information.. Memory usage has increased another 2% last day so we went for reboot. If its still increasing we will plan for upgrade. Will update ticket in about 1 week...

Micccc4 · 01-17-2023

Thanks @Marius Gunnerud - there is just one rule set in the ACL with curren element count: #show access-list element-countTotal number of access-list elements: 11

Micccc4 · 01-17-2023

@Rob Ingram Do you happen to remember which software version you had when you experienced memory usage errors? We are currently running it on 7.0.1. thansk

Micccc4 · 01-16-2023

Thanks for quick responses everyone. @MHM Cisco World : FTD 1010, SW 7.0.1 #show asp drop (wasn't cleared since September or October) Frame drop:IPSEC tunnel is down (ipsec-tun-down) 131Invalid encapsulation (invalid-encap) 7Invalid TCP Length (inval...

Micccc4 · 11-23-2022

Hi @buffkata - thanks for commenting. Well, this was my first thought as well - that is how it looks based on the SRC IP address. However, RST packet that is received by the end point at one side of the tunnel is not captured on the other, 'source' s...

Member Since	‎11-12-2021 06:38 AM
Date Last Visited	‎02-06-2023 05:35 PM
Posts	19
Total Helpful Votes Received	30

User Statistics

User Activity

FTD-1010 - Critical High System Memory usage

IPSEC peers (FP and ASA) send TCP RST to the endpoints

SSH console towards ASA doesn't prompt for username/password

Unstable IPSEC tunnel between Fortigate 200D and ASA5506-X

Firepower - hairpin/reflected NAT rule

Re: FTD-1010 - Critical High System Memory usage

Re: FTD-1010 - Critical High System Memory usage

Re: FTD-1010 - Critical High System Memory usage

Re: FTD-1010 - Critical High System Memory usage

Re: IPSEC peers (FP and ASA) send TCP RST to the endpoints