Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Seeing errors & FIFO Overruns on the ASA-SSM-10

Hello,

A few of my customers are utilizing ASA-SSM-10 module running under ASA5510/20 hardware. The FW?s is part of the Failover configuration.

The module is running in "promiscuous fail-open" mode and the class-map for the IPS is applied as global_policy with access-list monitoring all the interfaces and all protocols.

In two independent cases, we are seeing errors on the Sensing interface GigabitEthernet0/1

Total Receive Errors = 772089

Total Receive FIFO Overruns = 3832

I've already verified speed/duplex settings on the FW side and I don't see any errors that would probably be causing this behavior. The bandwidth on the all interfaces is also nowhere close to the rated 150Mbps/s inspection.

Here is the scenario:

Client1 - HA

ASA 5510 Adaptive Security Appliance v7.2(2)19

ASA 5500 Series Security Services Module-10 v5.1(6)E1

Client2 - HA

ASA 5520 Adaptive Security Appliance v7.2(2)10

ASA 5500 Series Security Services Module-10 v5.1(6)E1

Wondering if anyone has seen the behavior in their environment and what might be causing it?

239
Views
0
Helpful
0
Replies