garyoh
asked on
Cisco ASA 5505 restarting itself
I have a CIsco ASA 5505 installed at a client and they claim it is resetting/restarting itself all on it's own accord. They say this occurs with a growing frequency. I'd like to log events to see what causes the failures, but I don't know how without the ASDM and I cannot find this.
Is it possible the log is full and causing this? If so, how would I clear it?
Is it possible the 10 user VPN license is maxing out with too many users now and causing this?
Any help would be appreciated.
Is it possible the log is full and causing this? If so, how would I clear it?
Is it possible the 10 user VPN license is maxing out with too many users now and causing this?
Any help would be appreciated.
ASKER
Good question. I'll find out. I know it is down south where it has been very hot lately. But the offices are air conditioned. Have you seen this be a problem?
First thing to check is the power connectors. Be sure everything is plugged in tight and hopefully the unit is on the same UPS as other equipment they would miss if the power went off.
Put a hand on the power brick and check it's temperature, sometimes they overheat and fail. Listen to the power unit. It is a switching type power supply and they can get flakey.
ASDM is available by going to the IP address of the 5505 using a web browser. I fairly sure you need to use https like this:
https://192.168.1.1 (or whatever the IP of the 5505 is).
Once you are logged in check the log and see if there are errors or just a bunch of restarts.
I doubt it is logging or VPN usage that is causing this problem. Likely a power or temperature problem.
Put a hand on the power brick and check it's temperature, sometimes they overheat and fail. Listen to the power unit. It is a switching type power supply and they can get flakey.
ASDM is available by going to the IP address of the 5505 using a web browser. I fairly sure you need to use https like this:
https://192.168.1.1 (or whatever the IP of the 5505 is).
Once you are logged in check the log and see if there are errors or just a bunch of restarts.
I doubt it is logging or VPN usage that is causing this problem. Likely a power or temperature problem.
No device reload cann't happen due to log buffer full or maximum vpn user session . Mostly problem is electricity first check the electricity port .Then check whether temperature is normal .
Did you getting crashinfo log in ASA flash ?
Did you getting crashinfo log in ASA flash ?
Yes I seen the 5505 working to 40 Celsius good, and after reset itself...
If you want more IPSEC sessions you need security plus license
If you want more IPSEC sessions you need security plus license
The most common problem of an ASA restarting is memory
Did you updated ASA's memory with non cisco memory?
Try changing its memory
Did you updated ASA's memory with non cisco memory?
Try changing its memory
ASKER
sudeep, I can l ogin to the ASDM without problem. Sometimes the unit just seems to go off and then on. I am not in that location but can tell when the unit recycles as my Remote Desktop Session just closes. I am checking the environment with a local person.
astergiou: I didn't upgrade the memory. Do you suppose it needs addtional memory? How would I know?
sudeep: I am not sure where to extract the log to a file so I can review offline. Where would I find that? Sorry, but I've never had to do this.
astergiou: I didn't upgrade the memory. Do you suppose it needs addtional memory? How would I know?
sudeep: I am not sure where to extract the log to a file so I can review offline. Where would I find that? Sorry, but I've never had to do this.
"but can tell when the unit recycles as my Remote Desktop Session just closes"
I would think that is completely normal since you are most likely connected to the RDP server via the 5505.
Rule out power problems first. This is a universal rule of troubleshooting any electrical device, especially ones that go on and off.
I would think that is completely normal since you are most likely connected to the RDP server via the 5505.
Rule out power problems first. This is a universal rule of troubleshooting any electrical device, especially ones that go on and off.
how many is the free memory, and plese provide us 'sh ver'
ASKER
Show ver
Result of the command: "show ver"
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"
AS5505A up 1 hour 22 mins
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.0 3
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.0 5
0: Int: Internal-Data0/0 : address is 0021.a0ca.5595, irq 11
1: Ext: Ethernet0/0 : address is 0021.a0ca.558d, irq 255
2: Ext: Ethernet0/1 : address is 0021.a0ca.558e, irq 255
3: Ext: Ethernet0/2 : address is 0021.a0ca.558f, irq 255
4: Ext: Ethernet0/3 : address is 0021.a0ca.5590, irq 255
5: Ext: Ethernet0/4 : address is 0021.a0ca.5591, irq 255
6: Ext: Ethernet0/5 : address is 0021.a0ca.5592, irq 255
7: Ext: Ethernet0/6 : address is 0021.a0ca.5593, irq 255
8: Ext: Ethernet0/7 : address is 0021.a0ca.5594, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10 <--this puzzles me. I thought this was unlimited inside.
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
Configuration has not been modified since last system restart.
Result of the command: "show ver"
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"
AS5505A up 1 hour 22 mins
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.0
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.0
0: Int: Internal-Data0/0 : address is 0021.a0ca.5595, irq 11
1: Ext: Ethernet0/0 : address is 0021.a0ca.558d, irq 255
2: Ext: Ethernet0/1 : address is 0021.a0ca.558e, irq 255
3: Ext: Ethernet0/2 : address is 0021.a0ca.558f, irq 255
4: Ext: Ethernet0/3 : address is 0021.a0ca.5590, irq 255
5: Ext: Ethernet0/4 : address is 0021.a0ca.5591, irq 255
6: Ext: Ethernet0/5 : address is 0021.a0ca.5592, irq 255
7: Ext: Ethernet0/6 : address is 0021.a0ca.5593, irq 255
8: Ext: Ethernet0/7 : address is 0021.a0ca.5594, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10 <--this puzzles me. I thought this was unlimited inside.
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
Configuration has not been modified since last system restart.
ASKER
show mem:
Result of the command: "show mem"
Free memory: 193286776 bytes (72%)
Used memory: 75148680 bytes (28%)
------------- ----------------
Total memory: 268435456 bytes (100%)
Result of the command: "show mem"
Free memory: 193286936 bytes (72%)
Used memory: 75148520 bytes (28%)
------------- ----------------
Total memory: 268435456 bytes (100%)
Result of the command: "show mem"
Free memory: 193286776 bytes (72%)
Used memory: 75148680 bytes (28%)
------------- ----------------
Total memory: 268435456 bytes (100%)
Result of the command: "show mem"
Free memory: 193286936 bytes (72%)
Used memory: 75148520 bytes (28%)
------------- ----------------
Total memory: 268435456 bytes (100%)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So let me get this straight. If more than 10 internal users attempt to use this router it shuts down and restarts?
Several people have been trying to get me to drop my long standing objection to Cisco products as overpriced POS by citing the value and ease of use of the ASA 5505. I have been working with one of these units and user count is not something that stood out. My only issue was the lack of a standards based web interface. Routers should only limit internal hosts based on IP address rules, not some "marketing feature".
If this device ceases to function when an arbitrary number is crossed it sets a NEW low for the people that took a 4 click firmware upgrade to over 30 clicks.
WOW!
Several people have been trying to get me to drop my long standing objection to Cisco products as overpriced POS by citing the value and ease of use of the ASA 5505. I have been working with one of these units and user count is not something that stood out. My only issue was the lack of a standards based web interface. Routers should only limit internal hosts based on IP address rules, not some "marketing feature".
If this device ceases to function when an arbitrary number is crossed it sets a NEW low for the people that took a 4 click firmware upgrade to over 30 clicks.
WOW!
How many is the temperature in the environment?