Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
588
Views
0
Helpful
2
Replies

Packet Loss after Reboot of ASA 5510

Mitchell Tuckness
Level 1
Level 1

‎04-26-2015 08:35 AM - edited ‎03-11-2019 10:50 PM

Hi all,

 

I have an ASA and a 2811 behind it and I had to replace a battery on a UPS so I had to take down the network to do it. Before doing it the network ran fine, but I did a WR MEM and a Copy RUNNING to STARTUP config thinking that the configs I had were fine. At some point in the past I must of made a change and never applied it and maybe it is causing the issue, but I am at a loss as to what is the cause. I am getting consistent packet loss from the ASA out. Any address I ping on the inside is clear and quick. Also, I do not know if it is related, but I cannot get results from TRACE ROUTES and I believe I used to.

 

I have confirmed the PL is related to my network, if I plug the static IP info from the provider in to a laptop, it is clear. I am at my wits end, and I know just enough to be dangerous, so any help would be appreciated.

 

Here are my configs:

ASA5510# sh run
: Saved
:
ASA Version 9.1(4)
!
hostname ASA5510
domain-name m.int
enable password encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd  encrypted
names
dns-guard
!
interface Ethernet0/0
 description LAN Interface
 nameif Inside
 security-level 100
 ip address 10.10.1.1 255.255.255.252
!
interface Ethernet0/1
 description WAN Interface
 nameif Outside
 security-level 0
 ip address 68.233.x.x 255.255.255.128
!
interface Ethernet0/2
 description DMZ
 nameif DMZ
 security-level 100
 ip address 10.10.0.1 255.255.255.252
!
interface Ethernet0/3
 description VOIP
 nameif VOIP
 security-level 100
 ip address 10.10.2.1 255.255.255.252
!
interface Management0/0
 management-only
 shutdown
 nameif management
 security-level 0
 no ip address
!
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup Inside
dns domain-lookup Outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
 name-server 68.233.xx.5
 name-server 68.233.xx.6
 domain-name m.int
same-security-traffic permit inter-interface
object network ROUTER-2811
 host 10.10.1.2
object network ROUTER-2821
 host 10.10.0.2
object network WEBCAM-01
 host 192.168.1.5
object network DNS-SERVER
 host 192.168.1.2
object network ROUTER-3745
 host 10.10.2.2
object network RDP-DC1
 host 192.168.1.2
object network BLUE
 host 192.168.1.6
 description Blue Iris Server
object network M_LAP_LEA
 host 192.168.1.20
 description Laptop from LEA
object-group network PAT-SOURCE
 network-object 10.10.1.0 255.255.255.252
 network-object 10.10.0.0 255.255.255.252
 network-object 10.10.2.0 255.255.255.252
 network-object 192.168.0.0 255.255.255.0
 network-object 172.16.10.0 255.255.255.0
 network-object 172.16.20.0 255.255.255.0
 network-object 128.162.1.0 255.255.255.0
 network-object 128.162.10.0 255.255.255.0
 network-object 128.162.20.0 255.255.255.0
 network-object 192.168.1.0 255.255.255.0
 network-object 192.168.10.0 255.255.255.0
 network-object 192.168.20.0 255.255.255.0
 network-object 172.16.1.0 255.255.255.0
 network-object 162.128.1.0 255.255.255.0
 network-object 162.128.10.0 255.255.255.0
 network-object 162.128.20.0 255.255.255.0
 network-object 142.16.1.0 255.255.255.0
 network-object 142.16.10.0 255.255.255.0
 network-object 142.16.20.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
 network-object host 98.22.xxx
object-group network Outside_access_in
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object gre
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-2811 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-2821 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.xxx interface Outside eq https
access-list Outside_access_in extended permit tcp host 98.22.xxx object WEBCAM-01 eq www inactive
access-list Outside_access_in extended permit tcp host 98.22.xxx object RDP-DC1 eq xxxx
access-list Outside_access_in extended permit tcp host 98.22.xxx object BLUE eq xxxx
access-list Outside_access_in extended permit tcp host 98.22.xxx object ROUTER-3745 eq ssh
access-list Outside_access_in extended permit tcp any object BLUE eq xxxx
access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
access-list dmz-access remark Permit all traffic to DC1
access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
access-list dmz-access remark Permit only DNS traffic to DNS server
access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
access-list dmz-access remark Permit ICMP to all devices in DC
access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list dmz-access remark Permit all traffic to DC1
access-list dmz-access remark Permit only DNS traffic to DNS server
access-list dmz-access remark Permit ICMP to all devices in DC
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu DMZ 1500
mtu VOIP 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any Outside
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network ROUTER-2811
 nat (Inside,Outside) static interface service tcp ssh x
object network ROUTER-2821
 nat (DMZ,Outside) static interface service tcp ssh x
object network WEBCAM-01
 nat (Inside,Outside) static interface service tcp www x
object network ROUTER-3745
 nat (VOIP,Outside) static interface service tcp ssh x
object network RDP-DC1
 nat (Inside,Outside) static interface service tcp xxxx xxxx
object network BLUE
 nat (Inside,Outside) static interface service tcp xxxx xxxx
!
nat (any,Outside) after-auto source dynamic any interface
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 68.233.151.1 1
route DMZ 128.162.1.0 255.255.255.0 10.10.0.2 1
route DMZ 128.162.10.0 255.255.255.0 10.10.0.2 1
route DMZ 128.162.20.0 255.255.255.0 10.10.0.2 1
route VOIP 142.16.1.0 255.255.255.0 10.10.2.2 1
route VOIP 142.16.10.0 255.255.255.0 10.10.2.2 1
route VOIP 142.16.20.0 255.255.255.0 10.10.2.2 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.10.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.20.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server PNL-RADIUS protocol radius
aaa-server PNL-RADIUS (Inside) host 192.168.1.2
 key *****
 radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
http 98.22.xxx 255.255.255.255 Outside
snmp-server host Inside 192.168.1.2 community ***** version 2c udp-port 161
snmp-server location Lovington NM USA
snmp-server contact Mitchell Tuckness
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh 98.22.xxx 255.255.255.255 Outside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 24.56.178.140 source Outside prefer
username xxxx password x encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
  inspect pptp
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
password encryption aes
hpm topN enable
Cryptochecksum:949189d67866f6c09450769d41649992
: end


_______________________________________________________

C2811#sh run
Building configuration...

Current configuration : 3925 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C2811
!
boot-start-marker
boot system flash
boot-end-marker
!
!
enable secret 4 DWJfYBf6KhkIRmhhIhx8ibAAXVGQWjwfuyzfaX4Im8M
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
!
!
ip domain name maladomini.int
ip name-server 192.168.1.2
ip name-server 8.8.8.8
ip name-server 68.233.xxx.x
ip name-server 68.233.xxx.x
no vlan accounting input
!
multilink bundle-name authenticated
!
!
password encryption aes
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1290569776
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1290569776
 revocation-check none
 rsakeypair TP-self-signed-1290569776
!
!
crypto pki certificate chain TP-self-signed-1290569776
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31323930 35363937 3736301E 170D3134 30313035 30363130
  33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32393035
  36393737 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B18F F63C5121 00785DE0 854601BA EE77DAA3 21286D8C 6E700C37 237CC1BE
  611023AF FBE04BBE 7B4B3233 E4E129DD A74604E5 62AA39BF 77F98D5D D63944E9
  2345AE37 D93C5753 E425E85A EB22C2C9 CFC5D1A0 F800449B 0419A5C8 A0A101EC
  02928172 7B30A609 71ADA3D4 68F4F484 AF2B3249 0E225DB2 C72C136A E670D761
  DDE30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 1461F6DE 8EF50F7B 0E46359F 421EA106 9375F65F 30301D06
  03551D0E 04160414 61F6DE8E F50F7B0E 46359F42 1EA10693 75F65F30 300D0609
  2A864886 F70D0101 05050003 81810049 BA55F695 8525265F ED2D77EE 8706BF10
  63A7E644 202F6663 9EA5551F 47F7FC50 D4021EDD E3DC5A80 39FD161A C337D20D
  71B98875 0F1FE887 649E81D3 F93F7A1B A1E18B99 A77B1A59 84DB4711 867913FD
  044084FB 651ECA6E C6EDF35C E43A2946 8C01781E 26DB9484 C8740A82 4A7CA266
  A0655526 CBCB4982 F30D68E9 D70753
        quit
!
!
license udi pid CISCO2811 sn FTX1041A07T
username admin secret 5 $1$iBeC$8dqYMcpTex8gtUfannzox.
username xxxx privilege 15 secret 4 DWJfYBf6KhkIRmhhIhx8ibAAXVGQWjwfuyzfaX4Im8M
!
redundancy
!
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
 description CONNECTION TO INSIDE INT. OF ASA
 ip address 10.10.1.2 255.255.255.252
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 description VLAN 10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.1.2
 ip virtual-reassembly in
!
interface FastEthernet0/1.2
 description VLAN 20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.1.2
 ip virtual-reassembly in
!
interface FastEthernet0/1.3
 description Trunk Interface VLAN 1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.1.2
 ip virtual-reassembly in
!
interface Dialer0
 no ip address
!
ip default-gateway 10.10.1.1
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip route 0.0.0.0 0.0.0.0 10.10.1.1
ip ospf name-lookup
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
!
!
snmp-server community Maladomini-RW RW
!
tftp-server system:running-config 1
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 password 7 101D58415D361606050A147A
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 0527031B2C49470758
 transport input ssh
!
scheduler allocate 20000 1000
end

_________________________________________________

2821:

C2821#sh run
Building configuration...

Current configuration : 4128 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C2821
!
boot-start-marker
boot system flash
boot-end-marker
!
!
enable secret 4 x
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
!
!
ip domain name maladomini.int
ip name-server 192.168.1.2
ip name-server 8.8.8.8
ip name-server 68.233.xxx.x
ip name-server 68.233.xxx.x
no vlan accounting input
!
multilink bundle-name authenticated
!
!
password encryption aes
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3335929422
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3335929422
 revocation-check none
 rsakeypair TP-self-signed-3335929422
!
!
crypto pki certificate chain TP-self-signed-3335929422
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33333335 39323934 3232301E 170D3134 30313135 30333537
  32385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33333539
  32393432 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100AF6D 8C23745E 80AA83AC BE0243DD C8F8EC56 85BBE495 EF790354 B7E81921
  4C46CE35 F840420A 8385D3E3 B7B14EDF F4A8DB51 1A29E0ED A2704F69 9632ED7E
  5F66E546 486B2821 FB77266F 950D351E 13AA18FE 687643F6 FB9BF95F E56A0195
  19B8A7B6 7A582357 2517F08E 5E3BA197 2CD71E3E 32AB4B96 412E9AE3 1932A218
  7A1F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14A86115 C2CA9E15 399B2A9C 21585323 1E2F3D98 45301D06
  03551D0E 04160414 A86115C2 CA9E1539 9B2A9C21 5853231E 2F3D9845 300D0609
  2A864886 F70D0101 05050003 81810028 81D8F701 D6AFDC54 94A93185 1E5F4DAC
  4DBF50B7 30B57ABD D1612E69 D964B77A A379F55C 7E823F42 4D01440C B237DED9
  6B8047B7 0496D8BB BD7EAC18 E6ACA1B1 3B527172 4A7B0D7B 4A031168 F99B171D
  D217CB06 2F31E4DF FD9AC1C9 1199869A 34E90671 5611A6DA 7CC6A7B0 A39F78FB
  B3932E37 4B302779 E761DB00 AFA7CC
        quit
!
!
license udi pid CISCO2821 sn FTX1327AH7A
username x privilege 15 secret 4 x
!
redundancy
!
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 description CONNECTION TO INSIDE INT. OF ASA
 ip address 10.10.0.2 255.255.255.252
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description VLAN 10
 encapsulation dot1Q 10
 ip address 128.162.10.1 255.255.255.0
 ip helper-address 192.168.1.2
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
 description VLAN 20
 encapsulation dot1Q 20
 ip address 128.162.20.1 255.255.255.0
 ip helper-address 192.168.1.2
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
 description Trunk Interface VLAN1
 encapsulation dot1Q 1 native
 ip address 128.162.1.1 255.255.255.0
 ip helper-address 192.168.1.2
 ip virtual-reassembly in
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/1/0
 no ip address
 shutdown
!
interface Serial0/2/0
 no ip address
 shutdown
!
interface Dialer0
 no ip address
!
ip default-gateway 10.10.0.1
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip route 0.0.0.0 0.0.0.0 10.10.0.1
ip ospf name-lookup
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
!
!
snmp-server community Maladomini-RW RW
snmp-server host 192.168.1.2 version 2c Maladomini-RW  envmon cpu snmp
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 password 7 101D58415D361606050A147A
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 15415A545C0B2F29213D0B73
 transport input ssh
!
scheduler allocate 20000 1000
end

 

 

_________________________________________________

 

POE Switch:

 

C3560#sh run
Building configuration...

Current configuration : 7368 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C3560
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$wzS5$Kl0aHmGjOrfNL8H8QN9gJ1
enable password 7 091F1F514124131F02023A7B
!
username mtuckness privilege 15 secret 5 $1$j68Z$ObA6K7Qc2Vsmyu479Hlh6/
!
!
aaa new-model
!
!
!
!
!
aaa session-id common
clock timezone MST -7
system mtu routing 1500
ip domain-name maladomini.int
!
!
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-2488747392
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2488747392
 revocation-check none
 rsakeypair TP-self-signed-2488747392
!
!
crypto pki certificate chain TP-self-signed-2488747392
 certificate self-signed 01
  3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32343838 37343733 3932301E 170D3933 30333031 30303031
  30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383837
  34373339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B715 1CCA0EFB 6D550F27 A4B9F403 7D1CBCCE AB363F89 61AF4773 64351010
  AB866AA6 411463BC A7D9C6E3 0CA4EEEC 47C50D33 2F904AD1 8FC5B10B 8F204157
  FB5B3A4C 78BD4BDF 14F79CCC D9A0E10B 909BF5BA 095BB9AC 722197D4 3C2CB70B
  15D2A221 5FF8BC03 6A642B36 437B9E22 858BF597 F1844026 5DAF2114 EF75718D
  EC3B0203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603
  551D1104 18301682 14433335 36302E6D 616C6164 6F6D696E 692E696E 74301F06
  03551D23 04183016 8014D364 9162E0D2 C7936513 1E1C677C 73D675EC 37FF301D
  0603551D 0E041604 14D36491 62E0D2C7 9365131E 1C677C73 D675EC37 FF300D06
  092A8648 86F70D01 01040500 03818100 2DE49969 2E9C7A81 E96B97A8 7E15BC69
  2DA62233 C958092D 2E51DD59 526DA795 CBFE219E 3536852A 5F71A90A BF5016E0
  F93FA6F7 55D9BA23 52A2858E B927E0FB B3DC6B20 28FBD64C 6FA956EC 3E6E8756
  F12F7182 538D13AE E343674E 41A1BDE1 A42579F2 8070FC92 5C805995 7BA25FA5
  3A89C4E5 C6B2D76F FF2C1CF9 6A8DF631
  quit
!
!
!
spanning-tree mode pvst
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
Removed interfaces
!
interface GigabitEthernet0/1
 description CONNECTION TO 2821 ROUTER - TRUNK
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 ip address 128.162.1.3 255.255.255.0
 ip helper-address 192.168.1.2
 no ip route-cache
 no ip mroute-cache
!
interface Vlan10
 ip address 128.162.10.3 255.255.255.0
 ip helper-address 192.168.1.2
!
interface Vlan20
 ip address 128.192.20.3 255.255.255.0
 ip helper-address 192.168.1.2
!
ip default-gateway 10.10.0.2
no ip classless
ip http server
ip http authentication local
ip http secure-server
!
!
access-list 1 permit any
!
snmp-server community Maladomini-RW RO
snmp-server location Lovington NM USA
!
!
line con 0
 exec-timeout 0 0
 password 7 075C701416281D081E1C355D
line vty 0 4
 password 7 0527031B2C49470758
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 password 7 05585757796D4A04100B2943
!
end

__________________________________________

 

 

 

 

Labels:
0 Helpful
2 Replies 2

ryancisco01
Level 1
Level 1

‎04-27-2015 06:47 PM

I think its very likely an interface has failed to negotiate to full duplex. Can you go through all of your interfaces on the ASA and switches and check they all agree on speed and duplex on either side of the link. 

 

 

0 Helpful

Mitchell Tuckness
Level 1
Level 1
In response to ryancisco01

‎04-28-2015 11:08 AM

I located the issue of the packet loss. I have a security system that uploads FTP images of the cameras and after the reboot of the network, the only computer that wasn't shut down was the security camera PC.

 

So I think what happened was after I brought everything back up, it was saturating the outgoing bandwidth, causing packet loss and high latency. Once I determined what it was and shut off the FTP image upload, the pings stabilized and it is working fine now. Trace routes are still not functioning, but I can live without that for now.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card