[c-nsp] keeping ASA-5585s stable

P C pc50000 at gmail.com
Mon Nov 28 12:32:39 EST 2011


asa823-10-smp-k8 is very stable for me on ASA 5580s (not 85) and
large-scale ipsec RA vpn termination.

Sounds like you are hitting a bug though, I'd push for escalation in
TAC.  You have a traceback and can grab the crashinfo file off the
flash.  They should be able to get a developer involved to find the
offending bug.



On Mon, Nov 28, 2011 at 10:15 AM, Deny IP Any Any
<denyipanyany at gmail.com> wrote:
> I've got a pair of ASA-5585s in an Active/Standby config running
> asa825-13-smp-k8.bin.  A week or two after being deployed, the Active
> unit started to crash every few hours; TAC had me move to
> asa825-17-smp-k8.bin, and to also stop using remote-access IPSEC VPN
> on these units.
>
> Now, 2 weeks later, the Active unit started to crash again, and TAC is
> baffled (when the secondary unit goes Active, it crashes too, so I
> don't think it is hardware)
>
> Does anybody have ASA5585s that run stable? Mine aren't doing anything
> crazy; pushing 120megabit/sec on the outside int with around 35000
> connections, and about 275 static NAT translations for an e-com web
> farm; the exact same config was very stable on a pair of 5540s for
> years, until we "upgraded" to 5585s.
>
> Cisco Adaptive Security Appliance Software Version 8.2(5)17
>
> Compiled on Fri 28-Oct-11 17:09 by builders
> Hardware:   ASA5585-SSP-10
> Crashinfo collected on 09:12:57.554 EST Mon Nov 28 2011
>
> Traceback:
> 0: 0x8061c83
> 1: 0x8062797
> 2: 0x8af4cc5
> 3: 0xff6a86d5
> 4: 0xff57b1e0
> 5: 0x81dd98b
> 6: 0x81dc88a
> 7: 0x8af0a28
> 8: 0x8af9f62
> 9: 0x8afeb47
> 10: 0xff6a3a1c
> 11: 0xff61f7d7
>
> --
> deny ip any any (4393649193 matches)
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list