Upgraded ASA 5520 from 8.0.3 to and memory up quite a bit

Unanswered Question
Nov 14th, 2009


I have upgraded our 2 ASA firewalls (Active/Standby) from 8.0.3 to and the memory has gone from 280mb to 450mb, the ASA's have 512mb.

Is this normal/ok?

I will call Cisco TAC on Monday, but seems quite a jump to me, I'm wondering if it has turned something on I don't need, not sure how I can check.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
plumbis Sat, 11/14/2009 - 10:24

This is expected due to new features. I would suggest disabling threat-detection to free up some memory. As long as you aren't seeing a steady increase in memory I wouldn't sweat it.

plumbis Sun, 11/15/2009 - 08:26

to see what threat-detection features are enabled issue the command "show run threat-detection"

to disable those features use the "no" keyword before them.

For example


ciscoasa# sh run threat-detection

threat-detection basic-threat

threat-detection statistics access-list

ciscoasa# conf t

ciscoasa(config)# no threat-detection basic-threat

ciscoasa(config)# no threat-detection statistics access-list


whiteford Sun, 11/15/2009 - 12:15


I tried that but made no difference to the amount of memory being used, how can I show what is taking it all up?

plumbis Mon, 11/16/2009 - 19:13

The top two offenders are tmatch compile and dispatch unit. tmatch compile is related to ACLs and dispatch unit related to traffic.

How big are your access lists? (show access-list | i elements)

What is the platform?

How much traffic is going through this box?

Are there drops, errors, overruns or underruns on the interfaces?


This Discussion