By monitoring the "show block" command, how to identify that a PIX has problems with its performance ? The manual doesn`t clear about this one. The following is copy from "sh bloks" description :
"The show blocks command lists preallocated system buffer utilization. In the show blocks command listing, the SIZE column displays the block type. The MAX column is the maximum number of allocated blocks. The LOW column is the fewest blocks available since last reboot. The CNT column is the current number of available blocks. A zero in the LOW column indicates a previous event where memory exhausted. A zero in the CNT column means memory is exhausted now. Exhausted memory is not a problem as long as traffic is moving through the PIX Firewall. You can use the show conn command to see if traffic is moving. If traffic is not moving and the memory is exhausted, a problem may be indicated."
Questions are :
1. What should be looking at "show connection" so we can identify that the memory is exhausted ?
I'm no expert but one possible use that I know for the 'show block' comammnd is in the case where your PIX has failed and you are trying to find out what went wrong. As an example, if you are faced by the error "%PIX-3-210002: LU allocate block (size) failed", the suggested course of action is to use the show block command and check the current block memory. If the available count is 0 within any of the blocks of memory, then the PIX Firewall should be reloded to recover the lost blocks of memory. As another example, when encountered with the error message "%FWSM-3-105010: (Primary) Failover message block alloc failed", the reason most likely is that block memory is depleted. In this case again, the show block command can be used to verify the status of the block memory.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :