I currently in the process of setting up a new ASA 5510 firewall with ver. 8.0(2) for our company.
I cannot yet implement the box because of an annoying error. After a few hours of uptime, I am suddenly unable to log into ASDM or SSH.
I've narrowed the problem into some sort of memory problem.
When the problem arises, I've gone through the console to check the logs and debug messages.
The log stated some cryptic thing like: "SSL_new malloc failure"
And the debug of SSH and Crypto stated something like: "Unable to address xxxx amount of memory for ssl certificate"
After I read these messages, I looked into the memory consumption. (I should probably mention that this whole problem is solved by a reboot), and when issuing the command: "show memory detail" I can see that the available memory for the crypto engine has a free percentage of 13%.
Now, slowly this percentage is dropping! Every now and then I issue the command, and the free percentage has dropped a few percents. When it hits zero, I get the mentioned problem, where I am unable to log into ASDM and SSH.
So... Is there anyone outthere who's got a clue? It would be okay even with some sort of workaround, where I could clear the memory without having to reboot the whole box. I haven't been able to find such command myself, though.
Hope someone can help me out. I was supposed to install the firewall at midnight today, but if this problem is not solved (or a workaround found), I will be forced to delay this operation :(
I think you need to check the memory allocation after you reboot the device, the command "show mem detail" can show you the memory allocation states in detail. You can also try to pin point the process that is consuming the memory.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...