We are running ASA5520 with version 8.4(2)8 software and ASDM 6.4(5)205.
We have noticed the following problems:
- When having more than 30 IPSec-sessions connected, the log fills up with errors "System is low on free memory blocks of size..."
- When filtering by "AnyConnect Client" in "Monitoring > VPN > VPN Statistics > Sessions" the values "Bytes Tx / Bytes Rx" column is presented in one line ie. "8450198968129194". Seems to be missing a <cr><lf>
- When uploading a new CSD-image (via ASDM) all configuration för GPO, CP, DAP seems to dissapear, though, the config seems ok when looking at a sh run. Also, the newly updated csd-image doesn't show i ASDM.
- In Management Access > ICMP, no rules are shown.
change your logging level. Monitoring, Logging, Log Buffer, and the Real-Time Log Viewer
You maybe know but you can monitor Blocks. In monitoring, Properties, Sytem Ressources Graphs, Blocks.
Be carefull if you think 8.4(3) will solve your problem because I just downgrade from ASA 8.4(3) and ASDM 6.4(7) to 8.4(2) and 6.4(5)206. So if your using the activex method for clientless SSL VPN Access and RDP plug-ins, don't go with 8.4(3). If your using the java version for clientless, your ok with 8.4(3). Here's a copy paste from the email of the tech at Cisco.
Problem Description: After upgrading the ASA to 8.4(3) he is not able to connect to inside machines using rdp plugin.
Resolution Summary: Based on the troubleshooting done on the webex session the device is hitting bug id CSCtx58556.
I can't told you if I have the problem in the first post, I can't find Management Access > ICMP!! I can check if you give a precise path to this ICMP rules. It will be a pleasure.
It was just some idea and a BIG warning against 8.4(3) and rdp plug-ins and the activex.
Be carefull when downgrading. In my case one setting didn't stay as it should. Network (client) Access, Anyconnect Connection Profiles, in one connection profiles the method change from certificat to AAA. Do backup.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :