Re: ASA 5505 Drops Internet - TimeWarner Cable - Page 2

Timothy Garay · ‎10-17-2016

I have done a bunch of researching and I have tried some troubleshooting when the problem occurs but I'm just coming up empty-handed. This is really frustrating my family and myself.

We have TimeWarner cable. From the Motorola cable modem I go right to interface 0/1 on my Cisco ASA 5505 (9.1(6)) with ASDM 7.4(3). That is setup as the outside interface with DHCP and gets assigned my public IP address (which does not change often).

I have unlimited license to internal hosts. I have hard coded 0/2 to full duplex 100MBps.

From the ASA I go to a gigabit switch and from there to the rest of the computers in the house. I work from home so have VPN access to work and see right away when Internet connection drops.

About once per day (no specific time of day), I lose Internet connectivity from internal devices. I can still ping the ASA (it is up) and login to it. I cannot ping any public DNS or IP addresses.

Easiest fix is just to reboot or reload the ASA. When it comes back up the problem is fixed.

Lately, I've been trying to troubleshoot and hopefully fix the problem altogether. Today it happened again and I was in a position to do some troubleshooting. Cable modem shows connection with no issues. ASA is up. I login to ASDM of ASA. Nothing looks like issue in log messages. I Putty to ASA. Do show arp, clear arp. Do show conn count and clear conn. Do clear xlate. These are all things I found in other posts. From ASA I can ping all internal hosts. I can ping the cable modem (192.168.0.1). I cannot ping any public DNS or IP addresses. I cannot ping my public IP address (whatever it is at the time). ASA doesn't really show anything is wrong - I just can't get out. I do a shut then a no shut on 0/1 (outside interface) and Internet starts flowing again. When Internet is working, I am able to ping my public IP address from the ASA.

Things I am looking for: suggestions of things to check, look at or do next time this happens for troubleshooting.

Doing a real time log view, I don't see the firewall blocking anything like perhaps it has shut things down.

I am a novice at Cisco. Am familiar with the CLI basically but no whiz kid at commands for troubleshooting.

I have attached my running config if anyone would like to review it.

Thank you!

-TimG

Michael Jackson · ‎10-01-2020

I am having a very similar issue on a new ASA 5506-X.

Spectrum Business modem, 5 static IP addresses, using 3 of them.

We find that randomly, every few days, the traffic seems to stop flowing on the primary IP which is the dynamic NAT address. The symptoms are that we can no longer browse the internet, and the remote VPN stops. Conversely, the static NAT addresses, one for email server, and one for a DVR system, continue to work. And I can actually remote into the email server to do troubleshooting. The email server still has access, so it appears that only IP affected is the primary IP using dynamic NAT.

Basically rebooting the ASA was what I first did to get it working again, later I found if I "clear arp" on the router, everything starts working again. I have many ASA 5506,5508 routers on Spectrum Business and this is the only one that has issues. I took it up with Spectrum, but of course they do their little remote process into the modem and "everything's fine"..... no help. Even if it IS an issue on the Spectrum side, I just want to patch it if I can, if there is some way to periodically issue a "clear arp" command on the ASA, that would be enough for me.

Any solutions?