Problem with compiling signatures 5.x on router 1812
I would like to enable IPS on my Cisco Router 1812. If I configure basic IPS settings (category all; retired true; category ios_ips basic; retired false;) and then use the latest signature pkg pack during copying them into idconf, I get following error:
%SYS-2-MALLOCFAIL: Memory allocation of 385 bytes failed from 0x625FBA70, alignment 0
and my router reboots and signatures are not loaded into router and I cannot use built-in IPS. What is interesting when I use old signatures everything goes fine. Any ideas what can be the reason (in the future I would like to enable auto-response and would like to have no suprises like unexpected reboots:)). Thanks!
Re: Problem with compiling signatures 5.x on router 1812
The explanation of the error message is as follows:
%SYS-2-MALLOCFAIL: Memory allocation of [X] bytes failed from
0x6015EC84, pool [Pool], alignment 0 -Process=
"[Process]" ipl= 6, pid=5
[X] = the number of bytes the router tried to allocate, but could not find enough free memory to do so
[Pool] indicates whether the processor memory ('Pool Processor') or the packet memory ('pool I/O') is affected. High end routers (7000, 7500 series) have their buffers in main dynamic random-access memory (DRAM), so a lack of packet memory will be reported as "pool processor". 7200 series and Versatile Interface Processor (VIP) cards may also report errors in pool Protocol Control Information ('pool PCI')" for the packet memory.
[Process] is the process that was affected by the lack of memory.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...