Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1215
Views
0
Helpful
0
Comments

Cannot connect to the ASA 5500 Series with software version 7.1 through SSH due to high memory usage on the device

TCC_2
Level 10
Level 10

‎06-22-2009 04:44 PM - edited ‎03-08-2019 06:19 PM

Core issue

In the Adaptive Security Appliance (ASA) version 7.1(2), HTTP accounting causes constant high CPU usage.

This issue is documented in Cisco bug ID CSSsd72617.

Secure Sockets Layer (SSL) VPN causes the ASA to freeze when a connected user tries to map a drive or browse the network. The ASA shows that 128MB of memory is used when WebVPN is enabled, but no users are connected.

Resolution

The Access Control List (ACL) used to specify traffic for HTTP accounting must specify the IP pool used for WebVPN. This ACL must not specify all IP addresses. A change to this ACL, in order to specify the IP pool as the source, reduces the CPU utilization to acceptable levels.

As a workaround, upgrade from ASA 7.1(2) to 7.1(2)4. To specify the amount of memory assigned to WebVPN processes, issue the memory-size command under the WebVPN configuration as shown in this example:

hostname(config)# webvpn
hostname(config-webvpn)# memory-size percent

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents