Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1644
Views
0
Helpful
2
Replies

ASA 5506 Dynamic NAT IP address traffic flow ceases.

Go to solution
Michael Jackson
Level 1
Level 1

‎10-23-2020 11:45 AM - edited ‎10-23-2020 11:57 AM

Good afternoon,

I have a Cisco ASA 5506 on a Spectrum Ubee cable modem. We have a block of 7 static IP addresses.  We are using 4 of the addresses.  One is the primary IP of the router which allows client internet access via dynamic NAT, as well as remote VPN.  Three other 3 are static NAT addresses assigned to three devices inside the network.

Randomly - anywhere between 3 times a day to sometimes once every few days - the primary IP address (and only the primary) using dynamic NAT seems to go dark.  I cannot ping it from outside.  All internet traffic flow for internal clients stops, and VPN will not answer.  I CAN still access the services on the three other static NAT IP addresses.  In fact one of those is a server that I can actually still remote to gain access to the ASA and repair the issue.  So the Internet circuit is up and passing traffic for these static IP addresses.

I have figured out that instead of rebooting the firewall, I can simply "clear arp" and the dynamic nat ip comes back up.

I have talked to Spectrum who have basically said "not our issue".  I have so many ASA on Ubee devices out there, but only this one is an issue.  I want it to be Spectrum's problem, but is these anything on the ASA that might account for this, and how can I fix it?

 

N. Michael Jackson - NMJ Technology LLC

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Michael Jackson
Level 1
Level 1

‎10-15-2021 11:27 AM

The solution was we threw Spectrum out and put in an AT&T fiber circuit.  Problem solved.

 

Thanks for all that responded.

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Aref Alsouqi
VIP
VIP

‎10-25-2020 05:32 AM

Looks like the ASA runs out of PAT allocation. I would try to configure an object with one or two public IP addresses, and configure the interface as a fallback if the PAT allocation should exhaust. Here is an example:

object network PAT-POOL

 range 1.2.3.4 1.2.3.5

nat (inside,outside) after-auto source dynamic <LAN object> PAT-POOL interface

If you want to use one single public IP, you can just replace the .5 with the same IP .4:

range 1.2.3.4 1.2.3.4

0 Helpful

Go to solution
Michael Jackson
Level 1
Level 1

‎10-15-2021 11:27 AM

The solution was we threw Spectrum out and put in an AT&T fiber circuit.  Problem solved.

 

Thanks for all that responded.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card