Problem with ASA-5510 randomly rebooting during the week

baskervi
Level 1

We have an ASA-5510 running 8.2(5.50) that all of a sudden started rebooting randomly during the week last week. I'm attaching the syslog information, and I've searched Cisco's web site but can't find the reason. Any ideas? Thanks

Timestamp: 2016-07-11 20:13:39.526
Received by: appliance-syslog-udp on f415495d / graylog
Stored in index: graylog_262
facility: local4
from_syslog: true
level: 4
local_facility: asa
local_level: 4
message: Task ran for 23924 msec, Process = Checkheaps, PC = 9355cb5, Call stack = 0x09355CB5 0x09356CC0 0x089848BA 0x089A8A38 0x0805E995 0x0805F1BF 0x08A63C84 0xDD6AA6D5 0xDD57D1E0 0x0933F6B5 0x09340B62 0x093452D1 0x09361FB6 0x08063BA3
source: 172.24.10.253
timestamp: 2016-07-11T20:13:39.526Z
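
Added example, not part of the original thread and not Cisco code: parsing the "Task ran for ..." message shown in the post above and grouping repeated events by process and PC, so that hogs recurring in the same code path stand out in exported logs. The function names, the 1000 msec threshold and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Body of the ASA "Task ran for ..." (CPU hog) message as shown in the post.
HOG_RE = re.compile(
    r"Task ran for (?P<msec>\d+) msec, Process = (?P<process>.+?), "
    r"PC = (?P<pc>[0-9a-fA-F]+), Call stack = (?P<stack>(?:0x[0-9a-fA-F]+\s*)+)"
)

def parse_hog(message):
    """Return the parsed fields of a CPU-hog message, or None if no match."""
    m = HOG_RE.search(message)
    if m is None:
        return None
    stack = [int(frame, 16) for frame in m.group("stack").split()]
    pc = int(m.group("pc"), 16)
    return {"msec": int(m.group("msec")), "process": m.group("process"),
            "pc": pc, "stack": stack, "pc_is_top_frame": stack[0] == pc}

def summarize(messages, threshold_msec=1000):
    """Group hogs of at least threshold_msec (assumed cut-off) by (process, PC)."""
    groups = defaultdict(lambda: {"count": 0, "max_msec": 0, "stacks": set()})
    for message in messages:
        hog = parse_hog(message)
        if hog is None or hog["msec"] < threshold_msec:
            continue
        group = groups[(hog["process"], hog["pc"])]
        group["count"] += 1
        group["max_msec"] = max(group["max_msec"], hog["msec"])
        group["stacks"].add(tuple(hog["stack"]))
    return dict(groups)

STACK = ("0x09355CB5 0x09356CC0 0x089848BA 0x089A8A38 0x0805E995 0x0805F1BF "
         "0x08A63C84 0xDD6AA6D5 0xDD57D1E0 0x0933F6B5 0x09340B62 0x093452D1 "
         "0x09361FB6 0x08063BA3")
SAMPLE = [
    # From the post above.
    "Task ran for 23924 msec, Process = Checkheaps, PC = 9355cb5, Call stack = " + STACK,
    # Constructed lines to exercise grouping, the threshold and non-matching input.
    "Task ran for 18002 msec, Process = Checkheaps, PC = 9355cb5, Call stack = " + STACK,
    "Task ran for 120 msec, Process = Dispatch Unit, PC = 81a2b3c, Call stack = 0x081A2B3C 0x08063BA3",
    "Built inbound TCP connection (constructed non-matching line)",
]

if __name__ == "__main__":
    for (process, pc), g in summarize(SAMPLE).items():
        print(f"{process} pc=0x{pc:08x} count={g['count']} "
              f"max={g['max_msec']} msec distinct_stacks={len(g['stacks'])}")
```

A group whose count keeps growing with a single distinct stack points at one repeating code path, which is useful detail to attach to a vendor support case alongside the software version.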

Accepted Solutions

m.kafka
Level 4

Hi,

did anything change? New type of traffic/protocols? The 8.2.5(50) is old, maybe you should update/upgrade:

from: http://www.cisco.com/web/software/280775065/45357/ASA-825-Interim-Release-Notes.html

Your Revision: Version 8.2.5(50) – 06/30/2014

The latest interim is 8.3.5(59) Feb 2016

Your release is pre-IKE-fragmentation-vulnerability. Maybe someone hits you with fragmented IKE-probes?

Rgds, MiKa

The last change to this firewall was 15 Nov 2015, so it's been several months. We updated the firmware for a wireless LAN controller the 7th of this month, and there is a Catalyst 4507r between the WLC and ASA, and that wasn't upgraded. I'm not aware of any new protocols. I realize that 8.2.5 is old, but Cisco's web site still shows 8.2.5 and 8.4.7 as the suggested firmware versions. 

Thanks for the feedback regarding the pre-IKE-frag-vulnerability. I was suspecting a bug or some type of attack causing this but wasn't sure. We'll look at upgrading the firmware.

As a side note, every once in a while when I log onto Cisco's web site, I can see the subversion, e.g. 8.2.5(50) or whatever the latest is, and sometimes not. I've heard that 8.2.5 is up to 8.2.5.(65) or something close to that, but I can't tell from Cisco's download specifically what version. I'm just wondering if it depends on which web server I hit.

Thanks for the feedback!

The latest release I can see is 8.2.5(59) for the 8.2.5 train; I just looked it up in the download center.

Just remember, if you upgrade beyond 8.2, the syntax and behavior change significantly.

Good luck!

MiKa
