What's wrong with 8.4(2) and ASDM 6.4(5)205

fredrik.lundqvist · ‎11-25-2011

Hi!

We are running ASA5520 with version 8.4(2)8 software and ASDM 6.4(5)205.

We have noticed the following problems:

- When having more than 30 IPSec-sessions connected, the log fills up with errors "System is low on free memory blocks of size..."

- When filtering by "AnyConnect Client" in "Monitoring > VPN > VPN Statistics > Sessions" the values "Bytes Tx / Bytes Rx" column is presented in one line ie. "8450198968129194". Seems to be missing a <cr><lf>

- When uploading a new CSD-image (via ASDM) all configuration för GPO, CP, DAP seems to dissapear, though, the config seems ok when looking at a sh run. Also, the newly updated csd-image doesn't show i ASDM.

- In Management Access > ICMP, no rules are shown.

Does anyone else have similar problems?

Best regards,

Fredrik

pnavratil · ‎02-13-2012

Hi,

I also found there are no rules in Management access -> ICMP even there are some in running configuration. I am using ASA os 8.4(3) and ASDM 6.4(7)

Do you have any solution for this?

Regards

Pavel

Daniel marcotte · ‎02-13-2012

Maybe try ASDM 6.4(5) 206. or 6.4(7).

change your logging level. Monitoring, Logging, Log Buffer, and the Real-Time Log Viewer

You maybe know but you can monitor Blocks. In monitoring, Properties, Sytem Ressources Graphs, Blocks.

Be carefull if you think 8.4(3) will solve your problem because I just downgrade from ASA 8.4(3) and ASDM 6.4(7) to 8.4(2) and 6.4(5)206. So if your using the activex method for clientless SSL VPN Access and RDP plug-ins, don't go with 8.4(3). If your using the java version for clientless, your ok with 8.4(3). Here's a copy paste from the email of the tech at Cisco.

Problem Description: After upgrading the ASA to 8.4(3) he is not able to connect to inside machines using rdp plugin.

Resolution Summary: Based on the troubleshooting done on the webex session the device is hitting bug id CSCtx58556.

Bug Details: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtx58556

pnavratil · ‎02-13-2012

Hi Daniel,

but I am already using ASDM 6.4(7) – ok I will try to downgrade ASDM – did it solved problem with showing ICMP rules in Management access (in CLI “icmp permit/deny” commands) for you?

Regards

Pavel

Daniel marcotte · ‎02-13-2012

I can't told you if I have the problem in the first post, I can't find Management Access > ICMP!! I can check if you give a precise path to this ICMP rules. It will be a pleasure.

It was just some idea and a BIG warning against 8.4(3) and rdp plug-ins and the activex.

Be carefull when downgrading. In my case one setting didn't stay as it should. Network (client) Access, Anyconnect Connection Profiles, in one connection profiles the method change from certificat to AAA. Do backup.

pnavratil · ‎02-14-2012

Hi Daniel,

I tried to change ASDM to version 6.4(5)206 by it did not help – there is still no icmp rule displayed ☹ - it seem to me I will have to open SR on Cisco support.

Thank you for your valuable advices – luckily we do not use clientless VPN – only anyconnect – so as I understand the issue with RDP ActiveX does not touch us.

Thanx

Pavel