
ASA 5505 Crashes When AD Agent is unreachable

dwtcp
Level 1

Hi all,

In my test lab I have used a 5505 running 9.1.1.

I have set up a DC (2008R2) and then the AD Agent.

I have configured and used Identity Firewall rules, which worked like a charm!!

I have also used LDAP Auth which also worked fine.

I then disabled all the rules but kept the identity firewall checked.

Since it was a lab environment, I had to remove the DC for other tests.

A few hours later the ASA initially got stuck.

I used the console and I saw it could ping no one! Not even directly attached PCs or the default gateway (I was able to ping them before it got stuck).

No ARP table either!

The ASA did no NATing, so no xlate entries were available.

Then I SSHed to it.

I got a blank screen, and from the console I could see CPU usage from SSH at 20%.

I opened a second SSH: nothing. Blank screen again. CPU usage from SSH at 40% (overall ~50%).

I opened a third SSH: nothing. Blank screen again. CPU usage from SSH at 65% (overall ~75%).

I issued reload from the console! Nothing! It was trying to shut down!

I issued reload quick -> that is when the console was lost!!

I had to unplug it.

The DC that was removed was also the DNS server for the ASA.

The only log message I could see before it got stuck was "AD Agent is out of reach".

To save you from asking:

I have tried this 4 times. Always the same. 100% reproducible.

I disabled the Identity Firewall -> no problem! It worked for days. 100% reproducible.

I downgraded to 8.4.5 --> the same for both of the above actions.

Has anyone seen that before?

Any recommendations?

Could this be a software bug or hardware one?

BR

Anthony


Jennifer Halim
Cisco Employee

You may want to open a TAC case to have an engineer review your crashdump if it does crash.

Based on your description, it sounds like a software bug to me.