Cisco Bug: CSCvv87496 - ASA cluster members 2048 block depletion due to "VPN packet redirect on peer"

Last Modified

Oct 12, 2020

Products (1)

  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

9.14(1)

Description (partial)

Symptom:
The 2048 block is depleted, and the blocks are held mostly by "VPN packet redirect on peer".

Here's an example output:

------------------ show blocks ------------------

  SIZE    MAX    LOW    CNT  INUSE   HIGH
     0   8700   8669   8700      0     31
     4   1700   1699   1699      0      0
    80   9000   8976   9000      0      1
   256  10700  10523  10695      0    172
  1550  37434  32971  36786 26183125 26183128
  2048   8300      0      0      0      0
  2560   8192   8191   8192      0      1
  4096    100     99    100      0      1
  8192    100     97    100      0      1
  9344  20000  19893  20000      0     74
 16384    340    338    340      0      0

------------------ show blocks queue history detail ------------------

History buffer memory usage: 3744 bytes (default)
History analysis time limit: 100 msec
Each Summary for User and Queue_type is followed by its top 5 individual queues
Blocks shown below are used blocks

Analysis elapsed time: 6417 usec
Snapshot created at 09:22:24 BRT Aug 28 2020
Block Size: 2048
Blk_cnt Last_Op Queue_Type Id/Interface User Context
8074 get VPN packet redirect on peer <na> <na>

0x00007f2fc02c6218: 00 00 f8 0f 6f 8b a5 3c 84 78 ac 67 8b f9 81 00 | ....o..<.x.g....
0x00007f2fc02c6228: 20 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 | ...............
0x00007f2fc02c6238: 00 00 00 00 00 00 00 00 00 00 84 78 ac 67 f8 0f | ...........x.g..
0x00007f2fc02c6248: 6f 8b a5 3c 84 78 ac 67 8b f9 81 00 20 02 08 00 | o..<.x.g.... ...
0x00007f2fc02c6258: 45 28 06 00 63 84 00 00 3a 11 1e 28 bd 28 ac 35 | E(..c...:..(.(.5
0x00007f2fc02c6268: 0a 6d 85 4e 08 68 08 68 05 ec 00 00 30 ff 05 dc | .m.N.h.h....0...

Conditions:
The ASA is deployed in a cluster and site-to-site (S2S) VPN is configured.
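
A monitoring check for the symptom above, as an added example (not Cisco's code and not part of the original bug description): it parses "show blocks" output and flags pools whose free count (CNT) or low-water mark (LOW) has reached 0. The function names, status labels and the 10% warning threshold are assumptions made for illustration.

```python
import re

# "show blocks" table copied from the sample output on this page.
SAMPLE = """\
  SIZE    MAX    LOW    CNT  INUSE   HIGH
     0   8700   8669   8700      0     31
     4   1700   1699   1699      0      0
    80   9000   8976   9000      0      1
   256  10700  10523  10695      0    172
  1550  37434  32971  36786 26183125 26183128
  2048   8300      0      0      0      0
  2560   8192   8191   8192      0      1
  4096    100     99    100      0      1
  8192    100     97    100      0      1
  9344  20000  19893  20000      0     74
 16384    340    338    340      0      0
"""

# SIZE MAX LOW CNT, with INUSE and HIGH accepted but not required or used.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)(?:\s+\d+\s+\d+)?\s*$")

def parse_show_blocks(text):
    """Map block size -> (MAX, LOW, CNT); non-table lines are skipped."""
    pools = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            size, mx, low, cnt = map(int, m.groups())
            pools[size] = (mx, low, cnt)
    return pools

def classify(mx, low, cnt, warn_pct=10):
    """Status of one pool. warn_pct is an assumed threshold, not a Cisco value."""
    if cnt == 0:
        return "depleted"   # no free blocks right now (the symptom on this page)
    if low == 0:
        return "hit-zero"   # free again, but ran out since counters were cleared
    if cnt * 100 < mx * warn_pct:
        return "low"        # fewer than warn_pct% of the pool is free
    return "ok"

def find_problem_pools(text, warn_pct=10):
    """Return {size: status} for every pool that is not 'ok'."""
    result = {}
    for size, (mx, low, cnt) in sorted(parse_show_blocks(text).items()):
        status = classify(mx, low, cnt, warn_pct)
        if status != "ok":
            result[size] = status
    return result

if __name__ == "__main__":
    print(find_problem_pools(SAMPLE))
```

Run against the sample on this page, only the 2048 pool is reported, as "depleted".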