We have an ASA5510 running 8.0(4) with a CSC-SSM-10 module with the following characteristics:
Hardware version: 1.0
Firmware version: 1.0(11)2
Software version: CSC SSM 6.2.1599.4
Once in a while the CSC-SSM module appears as unresponsive and a reset is needed for it to work again. We haven't been able to find a pattern or a reason for this to happen and our customer is unhappy with having to monitor the module everyday in case it's unresponsive again.
This happens almost every month, and we are running out of ideas on how to troubleshoot this.
Is this expected? is there a command or something we should monitor to find the real problem?
I have a similar situation with one of my clients.
I resolve situation by tunning access-list which send traffic to CSC (for example is a best practce to take off comunication from CSC address to www ports - each scan of a connection to the internet generate an interogation to Trend site from CSC address which not need protection-, also if you have http trafic from Inside to your DMZ also I think that is a traffic which don't need protection). Initially I have to much traffic send to CSC and I try to select just traffic which really need protection.
We already are limiting the traffic that is being sent to the CSC ssm, we are only missing the connection between the CSC and the internet, however I've been monitoring and it seems the number of connections from there is not relevant. We'll add it however (thanks again) and will try also adding the "set connection per-client-max" on the policy-map to see it if helps.
We are now running 6.2.1599.6 and will monitor for a while.
Any other ideas on how to troubleshoot this will be greatly appreciated.
Daniela, I'm curious if you ever found a resolution to this? We're seeing the same thing here. I can't find any reason why the card would become unresponsive, but it does. Our only fix is forcing a reboot of the asa which drops all of our remote vpn's and brings down the access to our website = not a lot of happy people!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...