Upgraded ASA 5520 from 8.0.3 to 8.0.4.48 and memory up quite a bit

Unanswered Question
Nov 14th, 2009
User Badges:

Hello,


I have upgraded our 2 ASA firewalls (Active/Standby) from 8.0.3 to 8.0.4.48 and the memory has gone from 280mb to 450mb, the ASA's have 512mb.


Is this normal/ok?


I will call Cisco TAC on Monday, but seems quite a jump to me, I'm wondering if it has turned something on I don't need, not sure how I can check.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
plumbis Sat, 11/14/2009 - 10:24
User Badges:
  • Silver, 250 points or more

This is expected due to new features. I would suggest disabling threat-detection to free up some memory. As long as you aren't seeing a steady increase in memory I wouldn't sweat it.

plumbis Sun, 11/15/2009 - 08:26
User Badges:
  • Silver, 250 points or more

to see what threat-detection features are enabled issue the command "show run threat-detection"


to disable those features use the "no" keyword before them.


For example

===========================

ciscoasa# sh run threat-detection

threat-detection basic-threat

threat-detection statistics access-list

ciscoasa# conf t

ciscoasa(config)# no threat-detection basic-threat

ciscoasa(config)# no threat-detection statistics access-list

===========================

whiteford Sun, 11/15/2009 - 12:15
User Badges:

Thanks,


I tried that but made no difference to the amount of memory being used, how can I show what is taking it all up?

Jerry Ye Sun, 11/15/2009 - 15:22
User Badges:
  • Cisco Employee,

You can try show proc mem.


HTH,

jerry

plumbis Mon, 11/16/2009 - 19:13
User Badges:
  • Silver, 250 points or more

The top two offenders are tmatch compile and dispatch unit. tmatch compile is related to ACLs and dispatch unit related to traffic.


How big are your access lists? (show access-list | i elements)


What is the platform?


How much traffic is going through this box?


Are there drops, errors, overruns or underruns on the interfaces?

Actions

This Discussion