[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2079
  • Last Modified:

Cisco ASA 5505 restarting itself

I have a CIsco ASA 5505 installed at a client and they claim it is resetting/restarting itself all on it's own accord. They say this occurs with a growing frequency. I'd like to log events to see what causes the failures, but I don't know how without the ASDM and I cannot find this.

Is it possible the log is full and causing this? If so, how would I clear it?

Is it possible the 10 user VPN license is maxing out with too many users now and causing this?

Any help would be appreciated.
  • 5
  • 3
  • 3
  • +2
1 Solution
Istvan KalmarHead of IT Security Division Commented:

How many is the temperature in the environment?
garyohAuthor Commented:
Good question. I'll find out. I know it is down south where it has been very hot lately. But the offices are air conditioned. Have you seen this be a problem?
First thing to check is the power connectors. Be sure everything is plugged in tight and hopefully the unit is on the same UPS as other equipment they would miss if the power went off.

Put a hand on the power brick and check it's temperature, sometimes they overheat and fail. Listen to the power unit. It is a switching type power supply and they can get flakey.

ASDM is available by going to the IP address of the 5505 using a web browser. I fairly sure you need to use https like this:  (or whatever the IP of the 5505 is).

Once you are logged in check the log and see if there are errors or just a bunch of restarts.

I doubt it is logging or VPN usage that is causing this problem. Likely a power or temperature problem.

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

No device reload cann't happen due to log buffer full or maximum vpn user session . Mostly problem is electricity first check the electricity port .Then check whether temperature is normal .

Did you getting crashinfo log in ASA flash ?

Istvan KalmarHead of IT Security Division Commented:
Yes I seen the 5505 working to 40 Celsius good, and after reset itself...

If you want more IPSEC sessions you need security plus license
The most common problem of an ASA restarting is memory

Did you updated ASA's memory with non cisco memory?
Try changing its memory
garyohAuthor Commented:
sudeep, I can l ogin to the ASDM without problem. Sometimes the unit just seems to go off and then on. I am not in that location but can tell when the unit recycles as my Remote Desktop Session just closes.  I am checking the environment with a local person.

astergiou: I didn't upgrade the memory. Do you suppose it needs addtional memory? How would I know?

sudeep: I am not sure where to extract the log to a file so I can review offline. Where would I find that? Sorry, but I've never had to do this.
"but can tell when the unit recycles as my Remote Desktop Session just closes"

I would think that is completely normal since you are most likely connected to the RDP server via the 5505.

Rule out power problems first. This is a universal rule of troubleshooting any electrical device, especially ones that go on and off.
Istvan KalmarHead of IT Security Division Commented:
how many is the free memory, and plese provide us 'sh ver'
garyohAuthor Commented:
Show ver
Result of the command: "show ver"

Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)

Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "disk0:/asa724-k8.bin"
Config file at boot was "startup-config"

AS5505A up 1 hour 22 mins

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CNlite-MC-Boot-Cisco-1.2
                             SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
 0: Int: Internal-Data0/0    : address is 0021.a0ca.5595, irq 11
 1: Ext: Ethernet0/0         : address is 0021.a0ca.558d, irq 255
 2: Ext: Ethernet0/1         : address is 0021.a0ca.558e, irq 255
 3: Ext: Ethernet0/2         : address is 0021.a0ca.558f, irq 255
 4: Ext: Ethernet0/3         : address is 0021.a0ca.5590, irq 255
 5: Ext: Ethernet0/4         : address is 0021.a0ca.5591, irq 255
 6: Ext: Ethernet0/5         : address is 0021.a0ca.5592, irq 255
 7: Ext: Ethernet0/6         : address is 0021.a0ca.5593, irq 255
 8: Ext: Ethernet0/7         : address is 0021.a0ca.5594, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8        
VLANs                       : 3, DMZ Restricted
Inside Hosts                : 10     <--this puzzles me. I thought this was unlimited inside.      
Failover                    : Disabled
VPN-DES                     : Enabled  
VPN-3DES-AES                : Enabled  
VPN Peers                   : 10        
WebVPN Peers                : 2        
Dual ISPs                   : Disabled  
VLAN Trunk Ports            : 0        

This platform has a Base license.

Configuration has not been modified since last system restart.
garyohAuthor Commented:
show mem:
Result of the command: "show mem"

Free memory:       193286776 bytes (72%)
Used memory:        75148680 bytes (28%)
-------------     ----------------
Total memory:      268435456 bytes (100%)

Result of the command: "show mem"

Free memory:       193286936 bytes (72%)
Used memory:        75148520 bytes (28%)
-------------     ----------------
Total memory:      268435456 bytes (100%)
garyohAuthor Commented:
looks like the users license issue was the problem after all. Not the vpn licenses, but the IP addresses for this machine are the problem. Itt's fixed now.
So let me get this straight. If more than 10 internal users attempt to use this router it shuts down and restarts?

Several people have been trying to get me to drop my long standing objection to Cisco products as overpriced POS by citing the value and ease of use of the ASA 5505. I have been working with one of these units and user count is not something that stood out. My only issue was the lack of a standards based web interface. Routers should only limit internal hosts based on IP address rules, not some "marketing feature".

If this device ceases to function when an arbitrary number is crossed it sets a NEW low for the people that took a 4 click firmware upgrade to over 30 clicks.


Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now