ASA 5550 block memory depleted

Kristen Sims
Level 1

Currently running (2) ASA 5550s in LAN failover configuration, ASA ver 8.3(2). Intermittently the firewall will fail over, and it will do this several times within a half hour or so. The error message in the syslogs is:

%ASA-3-105010, which is "Block memory was depleted. This is a transient message and the adaptive security appliance should recover."

Recommended Action: Use the show blocks command to monitor the current block memory.

What could be causing this issue? Is there a fix for this issue?


mirober2
Cisco Employee

Hi Kristen,

Which block sizes are being depleted? Can you post the output of 'show block' for us?

-Mike

    Size     Max     Low     CNT
       0    1450    1401    1450
       4     900     899     899
      80    5660    5525    5660
     256    3864    3608    3864
    1550   20000       0   19723
    2048    6100    6076    6100
    2560    7320    7320    7320
    4096     100     100     100
    8192     100     100     100
   16384     200     200     200
   65536      16      16      16

Thank you!

Hi Kristen,

By any chance, do you have 'logging standby' configured? If so, does every interface have a standby IP address configured? If any interfaces are missing a standby IP (you can check the output of 'show failover'), you may be running into this bug:

CSCtk68555 - 1550 and 256 byte blocks may leak to 0 causing failover and data issues

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtk68555

If this is the case, you can disable 'logging standby' or assign a standby IP address to each and every interface as a workaround.

-Mike

I do have a standby IP address configured for every interface except the management interface. Should I configure a standby on the management interface?

Hi Kristen,

As a best practice, yes all interfaces should have a standby IP address assigned. If you have 'logging standby' enabled, this would be enough to trigger the bug I mentioned before. I would suggest adding the standby IP address to the management interface and then monitoring to ensure the block depletion stops.

Hope that helps.

-Mike
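
One way to automate the monitoring suggested above, as an added example that is not part of the original thread: it parses 'show block' output (the sample is the output posted earlier in this thread), flags pools whose low-water mark reached 0, and compares two snapshots to spot a pool that is still shrinking. The function names, the 10% threshold and the second snapshot are assumptions made for illustration.

```python
import re

# Sample input: the 'show block' output posted earlier in this thread.
SAMPLE = """\
Size   Max    Low    CNT
0      1450   1401   1450
4      900    899    899
80     5660   5525   5660
256    3864   3608   3864
1550   20000  0      19723
2048   6100   6076   6100
2560   7320   7320   7320
4096   100    100    100
8192   100    100    100
16384  200    200    200
65536  16     16     16
"""

# A data row is four integers: block size, MAX, LOW, CNT.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_blocks(text):
    """Return {size: (max, low, cnt)}; header and blank lines are skipped."""
    pools = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            size, mx, low, cnt = map(int, m.groups())
            pools[size] = (mx, low, cnt)
    return pools

def findings(pools, low_ratio=0.10):
    """Flag pools that ran dry (LOW == 0) or dipped below low_ratio of MAX.
    LOW is the fewest free blocks seen so far, CNT the number free right now."""
    out = []
    for size, (mx, low, cnt) in sorted(pools.items()):
        if low == 0:
            out.append((size, "DEPLETED", f"{cnt}/{mx} free now"))
        elif mx and low / mx < low_ratio:  # threshold is an assumption
            out.append((size, "NEAR-EMPTY", f"low-water mark {low}/{mx}"))
    return out

def shrinking(prev, curr):
    """Sizes whose free count (CNT) dropped between two snapshots."""
    return sorted(s for s in curr if s in prev and curr[s][2] < prev[s][2])

if __name__ == "__main__":
    for size, status, detail in findings(parse_blocks(SAMPLE)):
        print(f"{size}-byte blocks: {status} ({detail})")
```

A single snapshot only shows that the 1550-byte pool reached 0 at some point; polling at intervals and passing consecutive snapshots to `shrinking` shows whether blocks are still draining after the standby IP address is added.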

Thank you. I will do that.
