Cisco Bug: CSCuo95074 - ASA AnyConnect failure or crash in SSL Client compression with low mem

Last Modified

Apr 16, 2020

Products (1)

Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.2(1)

Description (partial)

Symptom:
AnyConnect clients are able to connect, but get immediately disconnected. The following are seen in syslogs:

%ASA-6-725007 SSL session with remote_device interface_name : IP_address / port terminated.
%ASA-6-722023: Group group User user-name IP IP_address SVC connection terminated with compression
%ASA-6-716058: Group group User user IP ip AnyConnect session lost connection. Waiting to resume.
%ASA-5-722037: Group group User user-name IP IP_address SVC closing connection: Compression error. 
 %ASA-6-722027: Group group User user-name IP IP_address SVC decompression history reset
%ASA-6-716059: Group group User user IP ip AnyConnect session resumed. Connection from ip2 .
%ASA-3-722021: Group group User user-name IP IP_address Unable to start compression due to lack of memory resources

ASA can also crash  with traceback pointing to "ssl_compress_record" when low memory is observed.

Conditions:
Compression is configured for AnyConnect.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts