Cisco Firewall :: ASA5510 - LU Allocate Xlate Failed / Add More Memory
Sep 13, 2011
I got an asa5510. After problems with ipsec connections the log said :
LU allocate xlate failed this error repeats every minute. At the cisco site i found the following :
explantion : stateful failover failed to allocate a translation (xlate) slot record recommended Action : check the available memory by using the show memory command to make sure that the security appliance had free memory in the system. If no memory is available, add more memory
But when i do there is free memory. (about 54%)
What can i do to fix this ?
View 2 Replies
ADVERTISEMENT
Oct 10, 2011
we have two ASA 5520, on the failover unit is showing LU allocate xlate failed. We read on [URL] that it could be a memory problem , but have cheked it and we have 85% of memory free on both nodes. We also can see all xlate on failover unit.
We have forced failover this evenig and we can´t stablish outbound connexions by outside interface, we think xlates or nat cant work properly.
View 5 Replies
View Related
Mar 24, 2010
We just had an issue with our failover unit reloading. In perusing the logs there were a number of %ASA-3-210007:
LU allocate x late failed, errors prior to the reload. These units had just had their OS upgraded to fix a DOS issue a few weeks ago. I have not seen the error since it reloaded. However, I was asked to report the issue just in case it is a bug in the new version of the OS.Two units in failover.
Cisco Adaptive Security Appliance Software Version 8.0(5)9 Device Manager Version 6.0(2). Compiled on Mon 01-Feb-10 10:36 by buildersSystem image file is
"disk0:/asa805-9-k8.bin"Config file at boot was "startup-config"
CP-ASA up 17 days 21 hoursfailover cluster up 17 days 22 hours
[code]....
View 1 Replies
View Related
Oct 9, 2012
I am currently getting a strange error when trying to use and crypto services on our ASA 5520 (8.0.3)Initially I observed that a connected VPN had dropped.Then when I attempted to use ASDM or SSH I was blocked.
In the end I opened telnet as a test and this was successful. Syslog also shows that traffic is passing as normal.The only obvious error I can see when observing various debug traces is this;
FW02# CTM: rsa session with no priority allocated @ 0xCF1FBBA0
CTM: Session 0xCF1FBBA0 uses a nlite (Nitrox Lite) as its hardware engine
CTM: rsa context allocated for session 0xCF1FBBA0
CTM: rsa session with no priority allocated @ 0xCE7A5EA8
[code]....
View 5 Replies
View Related
Jun 7, 2011
We saw this syslog on ASA5585 with version 8.4(1). I have two HA firewall pairs (contains 4 ASA5585, active/standby), and I saw this message on the standby ones.
Jun 7 07:36:26 10.99.96.32 last message repeated 4 times
Jun 7 07:36:26 10.99.96.32 :Jun 07 07:36:26 HKST: %ASA-ha-3-210005: LU allocate connection failed
[Code]....
View 4 Replies
View Related
Feb 17, 2013
Customer is running ASA 5550 with software 8.2.5 version.
They continously get the below messages
%ASA-3-210005: LU allocate connection failed
%ASA-3-210007: LU allocate xlate failed
I have already searched in the forums and also BUG toolkit, These issue has either been resolved in prior relases or in 8.4 .x train. I didnt find any bug which says that it has been found in 8.2.5 release.
I have also run "show conn count" and "show xlate count" I see these is difference in count output.
From Standby
COGINBLRMBPB1INTF1# show conn count
6097 in use, 17220 most used
COGINBLRMBPB1INTF1# sh xlate count
[Code].....
View 2 Replies
View Related
Nov 3, 2012
How to allocate bandwidth for a certain host or service in Cisco ASA 5510 Firewall using ASDM? For instance, I would like to dedicate 2MB for H323 service (Video Conference Call).
View 1 Replies
View Related
Feb 22, 2012
i have cisco ASA 5510 Firewall using in my network, i have planning to upgrade the Flash memory from 256 mb to 512 mb and the RAM from 256 mb to 1GB.
View 1 Replies
View Related
Nov 7, 2011
I tried last night to upgrade the memory in my old 5510. It's about 5 years old and has the single memory socket. I followed the instruction included in the kit:
Mfr. Part#: ASA5510-MEM-1GB
I did wear an ESD wrist strap (genuine Cisco at that!) and ensured the memory was fully seated, the handles locked in.Upon restarting the ASA, for over 15 minutes, it stayed in mode: Power LED steady, Status LED flashing, other LEDs off. No response to attempts to SSL via Putty. I powered it off, verified the memory was indeed fully seated, and re-installed the original 256 MB module. It powered up normally in less than 5 minutes. Is there anything else to try before returning the memory? Tonight, I can try the same new memoy module and see if it works.
View 3 Replies
View Related
Oct 3, 2011
When I try to save the configuration it displays the following error.Is it due to insufficient memory?
MPF-ASA#wr mem
ERROR: % Unrecognized commandMPF-ASA(config)# wr memBuilding configuration...Cryptochecksum: 81c514b8 9e95ee97 8b512148 b31377a4
[Code]...
View 1 Replies
View Related
Jun 14, 2012
I have two interfaces connected to two different subnet - interface 0/1 = 10.100.1.0/24 , interface0/2 = 10.100.113.0/24 as they are direct connected to the ASA i assume i dont need to add an static route but when i try to ping from one interface to the other (ping inside 10.100.113.1) i get "Routing failed to locate next hop". [code]
View 1 Replies
View Related
Apr 27, 2009
I would swear this worked at one point. I have a corporate office, and I have IPSec tunnels out to my outside offices. The corporate office has an ASA5510, and most of the remote offices are running off of Pix506s, one office has an ASA5505.
When anyone connects through WebVPN, using AnyConnect or not, they can contact any of the cifs shares for servers inside the corporate office. They cannot, however, contact cifs shares on servers that are in the remote offices.
View 4 Replies
View Related
May 22, 2012
See the error below on my ASA5510.
305006 200.200.0.34 53 portmap translation creation failed for udp src inside:192.168.1.4/1047 dst outside:200.200.0.34/53
The first two computers work normally( IP 2 and 3) , but the third computer gets ip does not work on the Internet.
View 2 Replies
View Related
Sep 7, 2011
I have an issue bringing up my RMA'd primary ASA unit.
So what happened so far:
1. primary unit failed
2. secondary took over and is now secondary - active (as per sh fail)
2. requested RMA at Cisco
3. got ASA and checked that Lic (SSL), OS (8.2.2) and ASDM are at the same level as the secondary
4. issued wr erase and reloaded
5. copied the following commands to the new (RMA) primary unit:
failover lan unit primary
failover lan interface Failover Ethernet3
failover interface ip Failover 172.x.x.9 255.255.255.248 standby 172.x.x.10
int eth3
no shut
failover
wr mem
6. installed primary unit into rack
7. plugged-in all cables (network, failover, console and power)
8. fired up the primary unit
9. expected that the unit shows:
Detected an Active mate
Beginning configuration replication from mate.
End configuration replication from mate.
10. but nothing happened on primary unit
What is a valid and viable approach in replacing a failed primary unit? Is there a missing step that hinders me to successfully replicate the secondary - active config to the primary - standby unit.
I was not able to find anything related to ASA55xx primary unit replacement with a clear guideline or step by step instructions.
View 10 Replies
View Related
Feb 6, 2012
Do you now if it is possible to disable the xlate for some connection?
The ASA has some concurrent session limitation that, I think, is related to xlate connections.
As my firewall is not performing any kind of NAT, is it possible to disabe xlate for some connections.
I saw some options like nat exemption, but i not sure if the xlate still being create even if we don't have a NAT translation.
View 3 Replies
View Related
Jan 15, 2008
I have a strange problem which looks to me like a DOS attack from the inside..but I cant be sure.
Symptoms:
All xlate connections used within hours.
Xlate connections start with all our servers across our WAN before moving onto all workstations.
No viruses have been found.
Looked in syslog and I cant find one single outside IP that seems to be a possible source.
View 7 Replies
View Related
Apr 2, 2012
I am running IOS version 8.0(5) in cisco ASA 5520. This issue i am facing is that when the memory utilzation reaches 49 percent, the web-vpn users are not able to login as they are getting a blank page. The only error which is getting in the output " sh mem webvpn allobjects" is ERROR: Memory allocation failed?
View 2 Replies
View Related
Nov 27, 2011
What is the impact of disabling xlate in FWSM
We have dynamic NAT configured from inside to outside interface, but still it is showing NAT entry as below.
"NAT from inside:177.26.99.10 to outside:177.26.99.10 flags Ii"
Expected NAT entry should as below :
"NAT from inside:177.26.99.10 to outside:111.111.111.111 flags Ii"
We were considering implementing "ip verify revert-path" .Hence here i am thinking whether xlate-bypass is the issue here and implementing same with "ip verify revert-path" woud be a good idea.
View 1 Replies
View Related
Oct 25, 2012
Recently i atsrt having problems with my cisco router 1811/k9, apparently was booting continiosly when restarted.
After i connected my console i found the problem while booting:
DDR memory test failed. Resetting the router ...
I tried to contact cisco TAC, but i need a reseller contract number to place a ticket, i do not have a resller contract number as my router was bought more than two years ago. I called cisco support and they told me to contact my reseller, my reseller told me to contact cisco so i am in a eternal loop of forwarding phone calls...
View 1 Replies
View Related
Feb 26, 2012
I have ASA that just started to reboot through out the day yesterday. It seems to happen every few hours but not in a pattern.Right before it reboots there is a flood of sys log id 305006 messages "portmap translation creation failed for tcp src inside:xxx dst outside:xxx the xlats go from around 2-3k to about 30+k then crash.Memory ussage is already pretty high normally on this device (about %75 used) CPU is around %15-20 I notice that the portmap translation errors are always from 3 inside host.
View 4 Replies
View Related
Oct 31, 2011
We have a Cisco 881 router, which is crashing. We have seen that the ARP cache fills up so much it causes things to crash, our phones go down.. We dont know why this however IP CEF seems to be doing it, when we disable it goes away however disabling IP CEF causes our L2TP tunnel to become inoperable also. So why does IP CEF cause thousands of AR entries and how can we limit that!? Below is the error, sample of the ARP cache and our config. You will notice we also have a /31 given to us on WAN interface, this was given to us by our service provider. This is really strange I cant find other examples on internet.
The error:
Nov 1 04:21:57.474: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x81F083F4, alignment 16
Pool: Processor Free: 55176 Cause: Not enough free memory
Alternate Pool: I/O Free: 2352 Cause: Not enough free memory
[code]....
View 2 Replies
View Related
Jan 27, 2013
How to schedule automatic Xlate sessions cleaning in ASA5550. I want to clear few global nat sessions manually every week.Is there any way to automate that?
View 1 Replies
View Related
Oct 10, 2012
I have the ASA5520, everyday I have a lot of connections through my ASA5520. But buffer in ASA5520 to save connections is limited. Now, I want my ASA can auto save the conn detail and Xlate to my Syslog server, how can i do that?
View 3 Replies
View Related
Dec 23, 2012
I have FWSM running version 3.2(23) , configured with interface vlans , all having the same security level , except outside interface vlan which has security level 0 , also same-security-traffic permit inter-interface and same-security-traffic permit intra-interface are configured, my problem is when establishing sessions (I tried TCP only using ssh and telnet , in addition of ping ) from one specific vlan (172.16.1.0/28) to other vlan (172.16.1.16/28) , I can not see the established sessions in "show xlate debug" output ! although I can see these sessions from capture ! the two subnets are separate , two different /28.
I can see the session established from the remaining interface vlans with same security level toward 172.16.1.16/28 , my question is what is the exception with vlan having this subnet172.16.1.0/28, how it can reach other vlan with subnnet 172.16.1.16/28 without showing anything in xlate table ? do you thing it is bug ?
View 3 Replies
View Related
Mar 9, 2013
We recently installed Cisco 6509-E with dual Sup 720-BXL. We are using this switch on internet Edge. Internet connection is terminating on 10GIG fiber port.We do have following line cards installed.
1. 10 GIG * 4 port line card
2. 1 GIG * 8 port line card
3. Empty
4. Empty
5. Sup 720-3BXL
6. Sup 720-3BXL
7. 1 GIG * 48 ports
8. 1 GIG * 48 ports
9. 1 GIG * 48 ports
We do have 2 GB internet pipe.We are running load test sending http port 80 request and when load reach to arround 100 to 200 mbps and connections from out side to inside 80,000 switch start reponding very very slow and start packet loss and when I try to ping from one server to second server it show normal ping but if I tried to ping gateway IP of server which is SWITCH IP it show packet loss and very high letancy.
Switch also throw message "No memory available: Update of NVRAM configuration failed"
View 7 Replies
View Related
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies
View Related
Mar 5, 2013
I have ordered RP2 and it will be having 8GB default memory. What is the difference between memory & Physical memory?Since I am able to see only 4GB memory in my ASR 1004. [code]
View 1 Replies
View Related
Jun 15, 2011
it is possible use 1 or 2 Gb memory with ASA 5505 or only 512 Mb ?
View 3 Replies
View Related
Jul 6, 2011
I've deployed many Cisco PIX 501 v6.3.3 either as normal firewalling feature and/or with VPN features enabled. I noticed in all my deployments, regardless if it's during peak hours or after office hours, the memory utilization is always consistent 11MB utilized over the total of 16MB(memory default size).
View 3 Replies
View Related
May 12, 2011
Need this file to erase my flash memory?
View 2 Replies
View Related
Oct 3, 2011
I have an ASA that is logging the message %ASA-3-321007: system is low on free memory blocks of size 2048. I ran the "show blocks" command and the "Cnt" value for the 2048 blocks is 0. How do I reclaim these blocks and what are they used for?
View 1 Replies
View Related
Jan 30, 2012
I am trying to get experience with 8.4 code on my 5505. I purchased a Cisco 512MB memory upgrade and installed it. It booted up once and I thought I was ok. I then looked down and noticed that all lights were blinking on the front panel and I had no console access.
[code]...
View 5 Replies
View Related
Nov 14, 2012
We have a customer that has a ASA 5525-x reporting only 4g flash memory rather than 8g has any 4g version of the 5525 or is the IOS reporting incorrectly the size, as it seems to be embedded on these units as a USB disk internal.
View 4 Replies
View Related
