I recently did a quick check on one of the daily logs on my ASA 5520, and I noticed that fairly often I am getting an "LU allocate connection failed". I obviously checked the error message on the site and it says "Stateful Failover cannot allocate a new connection on the Standby unit. This may be caused by little or no RAM memory available within the PIX Firewall.
Recommended Action Check the available memory using the show mem command to make sure the PIX Firewall has free memory in the system. If there is no available memory, add more physical memory to the PIX Firewall."
A little background info, I have 2 ASAs in an Active/Standby setup, the active Unit's log is giving the LU allocate failed messages.
Anyone have any suggestions? I did a "show mem" on my active unit and it was fine, not even using 25%... could it be the Standby Unit is having issues?
bump - sorry to bump this up the list, but if anyone knows whats going on, I would appreciate some advice. I logged into the standby unit yesterday (through asdm) and check the live log, I saw plenty of the same LU Allocation Failed messages over and over. I also did a memory check on the unit, and it was only using 20%.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...