10-20-2008 06:02 AM - edited 03-11-2019 06:59 AM
Hi,
I have a ASA 5520 with 512mb of memory. Over the last fiew months the memory has increased from 25% to and average of 65%.
I have added about 10 VPN's recently which increased in by 10%, but the other part I can only think it's from our WAN. Our WAN is connected to a VLAN on a Cisco 3750 that is trunked to the ASA's 0/2 port.
These VPN's and WAN offices are controlled using numerous ACE's.
Are there any methods to show what could be using the memory?
Thanks
10-20-2008 06:24 AM
Hi,
Click on following link and try to troubleshoot.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml
Ray
10-20-2008 07:30 AM
Our Internet pipe (VPN's come in) just went down for 10 mins, and the memory didn't change which makes me think the Internet and VPN's haven't caused the memory to increase.
Here is my output:
show memory
Free memory: 191530360 bytes (36%)
Used memory: 345340552 bytes (64%)
------------- ----------------
Total memory: 536870912 bytes (100%)
show xlate count
514 in use, 1223 most used
sh conn count
810 in use, 1915 most used
sh blocks
SIZE MAX LOW CNT
0 100 62 100
4 728 727 727
80 700 683 700
256 612 579 612
1550 8881 7314 7583
2048 2612 2339 2358
2560 164 164 164
4096 100 100 100
8192 100 100 100
16384 230 230 230
65536 16 16 16
10-20-2008 07:58 AM
Hello Andy,
If you enabled buffered logging, or you have ASDM 6.0 with IOS 8.0, the Top 10 usage services consume a lot of memory. Disable it by following command
no threat-detection statistics host
no threat-detection statistics port
no threat-detection statistics protocol
Regards
10-20-2008 09:57 AM
Hi, How did u determine that the top 10 services are consuming the high memory and what shd be the normal statics. Thanks
10-20-2008 10:06 AM
Hi,
I do have buffering enabled, and do use ADSM 6.x with IOS 8.x and I do see these top 10 usage stats.
I will run those commands into the CLI and get back to you!
10-20-2008 10:20 AM
Andy,
Buffering does not affect that much, it can stay, but Top 10 usage does! A relaoad after disabling Top 10 usage is necessary.
Ray,
This is one of the popular reasons for high memory consumption that use IOS 8.x and ASDM 6.x. There is no specific output from Andy's previous post proves that
Regards
10-20-2008 11:08 AM
Do I need a reload?
I disabled them and my memory went from 329mb to 276mb instantly! Pretty good start :)
These 2 remain though, do I still need them?
threat-detection basic-threat
threat-detection statistics access-list
10-20-2008 11:18 AM
I wud advice u clear it then see response.
Ray
10-20-2008 11:30 AM
Let these two stay. basic threat detection is a new feature that comes with IOS 8.0. It checks for specific rates of traffic flows and sends syslog messages when something unusual occurs. If you like you can disable it and see if its memory usage is considerable.
A Reload may work for a lower usage.
10-20-2008 11:39 AM
Also you can track down the process that usees memory by
show processes memory
10-20-2008 11:55 AM
10-21-2008 10:07 AM
Hi,
I was just wondering if you or anyone could look at my memory process output and see what is using the memory?
I don't have the knowledge/experience to understand this output yet.
Thanks in advance for you time spent helping me out.
10-21-2008 10:57 AM
Oh... I have posted here something but it doesnt appear, sometimes responses do not post.
Without having any idea about your device utilization, "tmatch compile thread" consumes way too high memory in my opinion (130MB+) . Never heard of that thread before, looks like a TAC issue. Also fover_parse consumes memory (40MB+), do you have a failover configuration?
I read some bugs related to fover process in IOS 8.0.3(6). I suggest you to upgrade your IOS to 8.0.3(12) or higher.
10-21-2008 11:09 AM
Hi,
How do I contact TAC, I have never done this before? I have a Smartnet for this firewall.
I do have a failover ASA 5520 too in active/standby mode.
Is 256mb memory high for an ASA? I have about 12 VLAN's (sub interfaces for webservers, and a WAN for 6 offices), 10 VPN's, 30 remote users, 600 users on the inside.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: