I have a problem that I ran into two or three years ago and it is the same issue. I remember doing traces on the outside interface of a PIX and ASA and determined that the cable modem was shutting down my port - I insisted on another brand of cable modem and the problem was resolved. The cable modem was a Cisco model CDQ???? or something like that.
Now at another Optimum Online site (years later, and we do have quite a few of them for our remote sites), I am running into the same issue. The site has a Cisco CPQ3925 modem (I have to verify the model - left paperwork at site) that supports 5 static IPs - just like our old failing site did a few years back, which I think used this same exact cable modem! The cable modem has four Ethernet ports, 1 coax port and two RJ11 ports. The customer is using two of the Ethernet ports for their equipment and each has a static IP assigned to it. I have access to the other three IPs and they do react the same way, as do both available Ethernet ports on the back of the cable modem - they will all fail the same way. I have also swapped the ASA5505 and used another code level, which did not resolve the issue. In the past I tested with PIX firewalls too and had the same failing results at the other bad site a few years back.
The issue is that the cable modem may run for an hour or two and then shut down the interface that the ASA or PIX is attached to. It turns the port from green to red - meaning disabled. After a period of time, 15 - 60 minutes, the cable modem port will reset and the firewall will again come back online. This happens continuously and will run like this forever. In the ASA I do not see any logging that would explain the reaction that is taking place on the cable modem. I know my hardware and configs are sound (these same configs and ASAs will run at another test site forever with no issues) and I have included it below. I am only natting and not performing any statics. I am creating an IPSEC tunnel to our remote site that works fine until the cable modem shuts down our Ethernet interface. Even if the tunnel is disabled, this same problem will still appear at the site, so it is not IPSEC tunnel related.
This is not my site and not my cable modem or ISP connection. They are letting me borrow and use a static IP address as a courtesy for a mutual project. I am trying to figure out if there is an easy solution for this without requesting them to replace the cable modem. If I recall, I thought the original problem had to do with gratuitous ARPs, but I don't see why that would be an issue on my end.
Taking a trace (would probably have to be done onsite unfortunately) may be required and I know that asking Optimum Online for assistance will simply result in getting nowhere. They have no PD skills at all and could not even tell me why their port was being shut down - pretty lame!!
Anyone see this problem before with an easy fix like some ASA command? I don't believe the latest ASA code levels will make any difference. I could always install a second cable modem connection and tell them to provide a TOSHIBA cable modem since I know it will have no issues with it - did that in the past. But that is $80/month for a project connection that will hardly be used.