12-19-2019 01:25 AM - edited 02-21-2020 09:49 PM
I have a 5506-X running 9.9(2)61 and ASDM 7.13(1). I have had to stay on 9.9 due to it having the FirePOWER services module running. It is configured for Webvpn and has the headend Anyconnect packages installed. I recently updated them to the latest 4.8.01090 packages. If more than one package is installed then I get memory errors and I can't ssh, telnet or open ASDM.
asa5506/actNoFailover/pri(config-webvpn)# anyconnect enable process_create: out of stack memory _listen_ssh: failed to create thread for interface 6 port 22 process_create: out of stack memory _listen_ssh: failed to create thread for interface 6 port 22 asa5506/actNoFailover/pri(config-webvpn)# asa5506/actNoFailover/pri(config-webvpn)# asa5506/actNoFailover/pri# process_create: out of stack memory _listen_ssh: failed to create thread for interface 6 port 22 process_create: out of stack memory Unable to create Unicorn Admin Handler process_create: out of stack memory _listen_telnet: failed to create thread for interface 6 port 23
If the configuration is saved and the ASA rebooted it crashes as it loads the configuration and then bootloops.
If Anyconnect is enabled or disabled its the same behaviour. It is only when there is a single Anyconnect .pkg file configured that it works.
12-19-2019 04:08 AM
This is at least not how it should behave. Typically you have two or three images loaded (Win, macOS, Linux) and while upgrading often four to six and everything works. And that works for a couple of my 5506 from customers (with 9.8, 9.9 and 9.10).
Your ASA-prompt indicates that there is something wrong with your failover. I would fix that first and then look further. I nothing helps, factory-reset the box and configure it completely new to see if the failure lasts. If everything does not help open a TAC case.
12-19-2019 04:25 AM - edited 12-19-2019 04:26 AM
There is no failover configured, this is a standalone ASA5506-X. As part of a standard ASA build the line:
prompt hostname context state priority
is added that includes the failover status in the prompt. You should just ignore that as its irrelevant.
I would normally have three images loaded - Windows, MacOS and Linux X64. Currently I just have one image loaded and it works fine, however two or more then I get these memory issues. Luckily I have a console connection via an old 2516 router acting as a reverse telnet server so I can get on the console.
This is the current configuration:
webvpn enable outside no anyconnect-essentials hostscan image disk0:/hostscan_4.8.02024-k9.pkg hostscan enable anyconnect image disk0:/anyconnect-win-4.8.01090-webdeploy-k9.pkg 1 anyconnect enable cache disable error-recovery disable
The other Anyconnect images are in flash, however if I add them to the webvpn configuration I get these memory issues.
anyconnect image disk0:/anyconnect-linux64-4.8.01090-webdeploy-k9.pkg 2 anyconnect image disk0:/anyconnect-macos-4.8.01090-webdeploy-k9.pkg 3
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide