Guest

Preview Tool

Cisco Bug: CSCvt51987 - Traffic outage due to 80 size block exhaustion on the ASA FPR9300 SM56

Last Modified

Sep 18, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(3.2) 9.12(3.9) 9.13(1.7)

Description (partial)

Symptom:
Traffic outage seen after putting device on production environment.

The 'show blocks' output shows 0 available 80 size blocks:
ASAi# show blocks
  SIZE    MAX    LOW    CNT
     0   8700   8690   8700
     4   1700   1699   1699
    80  10664      0      0 <<<
   256  49612  18948  28833
  1550  37674  37477  37520
  2048   8100   8099   8100
  2560   8192   8174   8192
  4096    100    100    100
  8192    100    100    100
  9344  20000  20000  20000
 16384    340    340    340
 65536     16     16     16

ASA is generating %ASA-3-321007 syslog message:
Mar 18 06:52:06 10.0.18.22 : %ASA-3-321007: System is low on free memory blocks of size 80 (0 CNT out of 9000 MAX)

Conditions:
This issue affect only FPR9300 with SM56
AnyConnect is configured and sessions with DTLS are established.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.