ASA 5510 connection locking up - CRC errors

jason.rothwell · ‎08-01-2014

Hi All,

I'm getting a problem with our ASA 5510 locking up and the connection basically dropping when a large of amount of traffic is passed through it.

The set up is very simple, my ISP has provided an 1841 router and that is connected directly to my ASA.

What seems to be happening is that when a large amount of traffic (backups) is being passed through the number of CRC errors my ISP sees starts increasing rapidly and then eventually traffic just stops flowing. A reboot of the firewall will fix this, until the next large batch of traffic and it happens again.

I'm running 8.0.4 (yes, not exactly up to date, perhaps a known bug in this version?). There is very little config on the external interface, no rules beyond "allow traffic from a higher interface to a lower interface).

We have tried 3 different cables, all brand new in their packaging and also port 0/0 and 0/2.

CPU and memory usage are not spiking at the time of the issue.

We have tried all combinations of speed and duplex settings, the only thing we noticed there is that if both ends are set to full 100 the connection simply doesn't work. Do I need a cross over cable to make manual settings work?

My config is attached, hoping someone has seen this behaviour before.

Thanks in advance!

Jason

nkarthikeyan · ‎08-02-2014

Hi,

More number of CRC you get... more packet drops and even in worst case it blocks all the traffic..... there you need to check the physical connectiviity between two devices..... router to fw cable.... else there might be a problem with the physical interface itself.....

do you see any log messages shows some errors related to traffic drops?

I do not see any related bugs or release notes for that specific version....

moreover we cannot do much with 1841, which is a EOL device....

Regards

Karthik

If you want to try upgrading, then go for minimum of 8.2.5.

Regards

Karthik

Marius Gunnerud · ‎08-03-2014

There are a few things that could be causing these errors. I would first make sure that the port is operating in Full Duplex (show interface gig0/1 or show int ip brief). If the port is not in Full Duplex and you have no configuration for this on your ASA, have the ISP check their config.

Other things that can cause this issue are, Karthik has mentioned some, faulty cables or a faulty port. Also if you are using a GBIC SFP, try changing it.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

jason.rothwell · ‎08-04-2014

Hi guys,

Thanks for the replies.

I'm fairly sure it's not a cable issue as I've tried 3 now, all straight from the packet so they're brand new.

I'm going to try reducing the speed to 10Mbps and see it is stable then, if so it definitely suggests a hardware fault with the NICs.

Thanks,

jason.rothwell · ‎08-06-2014

Hi all,

So I removed the ASA yesterday afternoon and the connection is still dropping, so it doesn't look like that was at fault. Must be a fault on the ISPs kit so I'll be escalating with them.

Thanks,

Jason

jason.rothwell · ‎08-11-2014

Hi All,

So we swapped the interfaces round and there have no been no CRC errors all weekend.

Weird.

Thanks all!

nkarthikeyan · ‎08-11-2014

Hi Jason,

Yeap. Seems to be fault with the hardware slot (interface port).

Regards

Karthik