[c-nsp] keeping ASA-5585s stable

Deny IP Any Any denyipanyany at gmail.com
Mon Nov 28 12:15:08 EST 2011


I've got a pair of ASA-5585s in an Active/Standby config running
asa825-13-smp-k8.bin.  A week or two after being deployed, the Active
unit started to crash every few hours; TAC had me move to
asa825-17-smp-k8.bin, and to also stop using remote-access IPSEC VPN
on these units.

Now, 2 weeks later, the Active unit started to crash again, and TAC is
baffled (when the secondary unit goes Active, it crashes too, so I
don't think it is hardware)

Does anybody have ASA5585s that run stable? Mine aren't doing anything
crazy; pushing 120megabit/sec on the outside int with around 35000
connections, and about 275 static NAT translations for an e-com web
farm; the exact same config was very stable on a pair of 5540s for
years, until we "upgraded" to 5585s.

Cisco Adaptive Security Appliance Software Version 8.2(5)17

Compiled on Fri 28-Oct-11 17:09 by builders
Hardware:   ASA5585-SSP-10
Crashinfo collected on 09:12:57.554 EST Mon Nov 28 2011

Traceback:
0: 0x8061c83
1: 0x8062797
2: 0x8af4cc5
3: 0xff6a86d5
4: 0xff57b1e0
5: 0x81dd98b
6: 0x81dc88a
7: 0x8af0a28
8: 0x8af9f62
9: 0x8afeb47
10: 0xff6a3a1c
11: 0xff61f7d7

-- 
deny ip any any (4393649193 matches)


More information about the cisco-nsp mailing list