I am trying to configure packet capture in ASA 5520 for troubleshooting. I am in the impression that
1. The captured data is stored in the RAM of the Firewall. Is this correct?
2. If that the case won't the firewall run out of memory for normal traffic if I run the capture of sometime?
3. How to reserve the memory space for packet capture?
Can anybody help me on this?
By default ASA only reserves 512k for capture and stops when it is filled, but you can increase this using the buffer option ie
capture CAP-NAME access-list CAP-ACL interface outside buffer 20000
Or you can use a circular buffer to keep capture running ie
capture CAP-NAME access-list CAP-ACL interface outside buffer 20000 circular-buffer