cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4977
Views
0
Helpful
4
Replies

Cisco ASA 5505 constantly crashes

aturnipseed
Level 1
Level 1

I have a Cisco ASA 5505 that randomly crashes multiple times through out the day.  I cannot seem to find any logical cause but a simple reboot of the box always does the trick.  I have used the ASA at multiple locations without a problem. Any suggestions would grealy be appriciated.  Attached is a copy of the show inter face where I notice there are a lot of collisions and switch ingress policy errors.


Invalid password
Password:
Invalid password
Password: *********
asaCordova# sh int
Interface Vlan1 "inside", is up, line protocol is up
  Hardware is EtherSVI
        MAC address 001d.70ff.9e5a, MTU 1500
        IP address XXXXXXXXXXX, subnet mask 255.255.255.0
  Traffic Statistics for "inside":
        115157 packets input, 14118751 bytes
        169911 packets output, 178912595 bytes
        3418 packets dropped
      1 minute input rate 7 pkts/sec,  482 bytes/sec
      1 minute output rate 2 pkts/sec,  165 bytes/sec
      1 minute drop rate, 3 pkts/sec
      5 minute input rate 3 pkts/sec,  249 bytes/sec
      5 minute output rate 2 pkts/sec,  229 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI
        MAC address 001d.70ff.9e5a, MTU 1500
        IP address XXXXXXXXXXX, subnet mask 255.255.255.252
  Traffic Statistics for "outside":
        170159 packets input, 179273047 bytes
        109526 packets output, 14101464 bytes
        109 packets dropped
      1 minute input rate 0 pkts/sec,  115 bytes/sec
      1 minute output rate 0 pkts/sec,  68 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  181 bytes/sec
      5 minute output rate 1 pkts/sec,  95 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan3 "dmz", is down, line protocol is down
  Hardware is EtherSVI
        MAC address 001d.70ff.9e5a, MTU 1500
        IP address unassigned
  Traffic Statistics for "dmz":
        0 packets input, 0 bytes
        0 packets output, 0 bytes
        0 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan4 "", is down, line protocol is down
  Hardware is EtherSVI
        Available but not configured via nameif
        MAC address 001d.70ff.9e5a, MTU not set
        IP address unassigned
Interface Ethernet0/0 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
        Available but not configured via nameif
        MAC address 001d.70ff.9e52, MTU not set
        IP address unassigned
        170665 packets input, 182471369 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        509 switch ingress policy drops
        109522 packets output, 16535936 bytes, 0 underruns
        43 output errors, 41 collisions, 0 interface resets
        0 babbles, 0 late collisions, 218 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
Interface Ethernet0/1 "", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
        Available but not configured via nameif
        MAC address 001d.70ff.9e53, MTU not set
        IP address unassigned
        118687 packets input, 17131100 bytes, 0 no buffer
        Received 6116 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        2 switch ingress policy drops
        168268 packets output, 181885596 bytes, 0 underruns
        197 output errors, 197 collisions, 0 interface resets
        0 babbles, 0 late collisions, 55 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
Interface Ethernet0/2 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex, Auto-Speed
        Available but not configured via nameif
        MAC address 001d.70ff.9e54, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
Interface Ethernet0/3 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex, Auto-Speed
        Available but not configured via nameif
        MAC address 001d.70ff.9e55, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
Interface Ethernet0/4 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex, Auto-Speed
        Available but not configured via nameif
        MAC address 001d.70ff.9e56, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
Interface Ethernet0/5 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex, Auto-Speed
        Available but not configured via nameif
        MAC address 001d.70ff.9e57, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
Interface Ethernet0/6 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex, Auto-Speed
        Available but not configured via nameif
        MAC address 001d.70ff.9e58, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 L2 decode drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
Interface Ethernet0/7 "", is down, line protocol is down
  Hardware is 88E6095, BW 100 Mbps
        Auto-Duplex, Auto-Speed
        Available but not configured via nameif
        MAC address 001d.70ff.9e59, MTU not set
        IP address unassigned
        0 packets input, 0 bytes, 0 no buffer
        Received 0 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        0 switch ingress policy drops
        0 packets output, 0 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        0 rate limit drops
        0 switch egress policy drops
asaCordova#

4 Replies 4

Panos Kampanakis
Cisco Employee
Cisco Employee

By crash do you mean reboot of the box? If yes then this is probably a software defect and you should open a TAC case for them to decode it and tell you what it is.

If the ASA stalls and needs a reboot to come back it could be memory, cpu. you would need "sh blocks", "sh cpu", "sh mem" to see if you are running high in any of those.

I hope it helps.

PK

I did that and it seems to be fine.  Nothing is running out of control.  I have used this ASA at other sites and it has worked fine.

By crash do you mean reboot of the box? If yes then this is probably a  software defect and you should open a TAC case for them to decode the "sh crashinfo" output and  tell you what it is.

PK

What version of code are you running?  Is anything special going on when the firewall 'crashes', i.e. make acl changes etc?  What do you mean by crash, do you me reboots?  Do you have a crashinfo file, you can check this by do a 'show crashinfo'?  Are you doing any monitoring of the firewall?  If so what does your memory and cpu usage look like?  Do they spike at the time of the crash?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: