Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Firewalls Community


ASA 5505 Stops accepting connections

Hope someone can help me on this.  I'm out of ideas.  A client has an ASA 5505 with a base license.  The version information and configuration is attached.  In 8 hours, sometimes less and infrequently more, it becomes inaccessible.  All connections are dropped and the only way to access the device is through a console connection.  The WAN interface (VLAN 3) is connected to Verizon FIOS.  The interface was set to 100 MBps and full duplex, but I just changed it to auto on both the speed and duplex to see what would happen.  The LAN interface (VLAN 1) is also set to 100 MBps and full duplex  It has not been changed.

The last time it happened logging was running, but nothing in the log indicated a problem.  In fact, the last log entry was a couple of hours before the lockup (there's little or no traffic on the ASA while the problem is being diagnosed).

So, my question isn't necessarily, "What's happening and how do I fix it?"  Of course, if someone knows, please, tell me.  What I would really like to know is how to troubleshoot it.  If the problem is not showing up in the logs, what are my other options?


ASA 5505 Stops accepting connections

Hi Anthony,

I suggest that you enable logging on external logging server, and set the logging to debug level.

So if the problem will happen again, you can see the logs in details.




ASA 5505 Stops accepting connections

Thanks for the suggestion, Mohammed.  I had already done what you suggested. 


Re: ASA 5505 Stops accepting connections

Here is some additional information on the issue detailed here.  The disconnects are still happening.  This morning while the ASA was inaccessible, I initiated a console session with the ASA, cleared ARP and pinged the WAN gateway.  This is a FIOS connection as previously mentioned.  The ping was successful.  I was then immediately able to make an SSH connection over the WAN from a remote workstation.

It would seem that the FIOS upstream router is terminating the connection or maybe the ASA is terminating the connection when there is no activity.  I read a post where a user used a NTP connection to keep an IPsec tunnel up (periodic requests to the NTP server kept traffic following).  However, this ASA already has an NTP connection to, so that does not appear to be enough to keep the connection active.

Anyone have any input on FIOS and ASA 5505 compatibility?  Any ideas, assuming this is the problem, on how to keep the connection active?  I want to see this disconnect, ping to the WAN gateway and re-establishment of WAN connectivity happen several more time to ensure this is the single issue here, but it does look promising.

Note: In a earlier version of this post, I failed to mention that ARP was first cleared.  Obviously, that affects connectivity because the ping to the WAN gateway fails unless ARP is first cleared.