ASA 5510 - Internet traffic stops working

jf1134
Level 1

Hi

I have an ASA that's only being used for AnyConnect. Starting a few days ago, at random, the clients will lose their connection to the ASA. When I have been able to catch the drops, from the FW I'm no longer able to ping out to anything external. The only way I have been able to get it working again is to clear the ARP table on the ASA. Everything was working fine up until last weekend. No one has been in the server room and our office is locked down.

I've replaced all the cables on the ASA and on our core switch, and I have changed ports on the switch and, on the ASA, tried another interface to be the inside. I've talked with the ISP and they are not seeing any issues on their end. I've actually talked to a few different engineers to confirm.

I'm at a loss on what else to try and am starting to get some angry people.

Here are the interface stats from the Inside/Outside interfaces on the ASA:

Interface Ethernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 001e.f75e.798e, MTU 1500
IP address X.X.X.X, subnet mask 255.255.255.240
25089590 packets input, 7293066956 bytes, 0 no buffer
Received 87438 broadcasts, 0 runts, 0 giants
4443 input errors, 0 CRC, 0 frame, 4443 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
28776226 packets output, 20981053260 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/82)
Traffic Statistics for "outside":
25089568 packets input, 6840513179 bytes
28776226 packets output, 20461223167 bytes
200282 packets dropped
1 minute input rate 119 pkts/sec, 18991 bytes/sec
1 minute output rate 113 pkts/sec, 27023 bytes/sec
1 minute drop rate, 5 pkts/sec
5 minute input rate 169 pkts/sec, 29670 bytes/sec
5 minute output rate 169 pkts/sec, 63286 bytes/sec
5 minute drop rate, 4 pkts/sec

 

Interface Ethernet0/1 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address 001e.f75e.798f, MTU 1500
IP address 172.X.X.X, subnet mask 255.255.128.0
31058153 packets input, 18170013620 bytes, 0 no buffer
Received 2003566 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
26773309 packets output, 5470918137 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (254/176)
Traffic Statistics for "inside":
31058151 packets input, 17575661046 bytes
26773309 packets output, 4912029066 bytes
1294731 packets dropped
1 minute input rate 146 pkts/sec, 19422 bytes/sec
1 minute output rate 141 pkts/sec, 17517 bytes/sec
1 minute drop rate, 14 pkts/sec
5 minute input rate 219 pkts/sec, 51327 bytes/sec
5 minute output rate 203 pkts/sec, 26824 bytes/sec
5 minute drop rate, 15 pkts/sec
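
An added example, not part of the original post: a small Python parser for `show interface` output like the above, which turns the raw totals into per-interface overrun and drop percentages so the outside and inside interfaces can be compared between outages. The sample text is abridged from the output quoted in the post; the function names and dictionary keys are assumptions of this example.

```python
import re

# Abridged from the "show interface" output quoted in the post above.
SAMPLE = '''\
Interface Ethernet0/0 "outside", is up, line protocol is up
25089590 packets input, 7293066956 bytes, 0 no buffer
4443 input errors, 0 CRC, 0 frame, 4443 overrun, 0 ignored, 0 abort
Traffic Statistics for "outside":
25089568 packets input, 6840513179 bytes
200282 packets dropped
Interface Ethernet0/1 "inside", is up, line protocol is up
31058153 packets input, 18170013620 bytes, 0 no buffer
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
Traffic Statistics for "inside":
31058151 packets input, 17575661046 bytes
1294731 packets dropped
'''

HEADER = re.compile(r'^Interface (\S+) "([^"]+)", is ')
COUNTERS = {  # first match per interface block wins
    "hw_input": re.compile(r'^(\d+) packets input, \d+ bytes, \d+ no buffer'),
    "overrun": re.compile(r'(\d+) overrun'),
    "sw_input": re.compile(r'^(\d+) packets input, \d+ bytes$'),
    "dropped": re.compile(r'^(\d+) packets dropped'),
}

def parse_interfaces(text):
    """Return {nameif: counters} for each interface block in the text."""
    result, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = result.setdefault(m.group(2), {"port": m.group(1)})
            continue
        if current is None:
            continue  # ignore anything before the first interface header
        for key, rx in COUNTERS.items():
            m = rx.search(line)
            if m:
                current.setdefault(key, int(m.group(1)))
    return result

def ratios(c):
    """Overrun and drop percentages; a zero input count yields 0.0."""
    hw, sw = c.get("hw_input", 0), c.get("sw_input", 0)
    return {
        "overrun_pct": round(100 * c.get("overrun", 0) / hw, 3) if hw else 0.0,
        "drop_pct": round(100 * c.get("dropped", 0) / sw, 3) if sw else 0.0,
    }
```

Calling `ratios(parse_interfaces(SAMPLE)["inside"])` gives the percentages for one interface; running it on captures taken before and during an outage shows which counters move.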


balaji.bandi
Hall of Fame

Can you post show version and uptime of the device?

When you clear ARP, how many ARP entries do you see before clearing?

Looks to me like some DDoS attack or a bug (to confirm, we need the version of code).

BB


I would say there are around 40 entries in the ARP table.

Cisco Adaptive Security Appliance Software Version 9.1(7)21
Device Manager Version 7.3(3)

Compiled on Tue 19-Dec-17 12:27 by builders
System image file is "disk0:/asa917-21-k8.bin"
Config file at boot was "startup-config"

ASA up 1 day 2 hours

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz,
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1

0: Ext: Ethernet0/0 : address is 001e.f75e.798e, irq 9
1: Ext: Ethernet0/1 : address is 001e.f75e.798f, irq 9
2: Ext: Ethernet0/2 : address is 001e.f75e.7990, irq 9
3: Ext: Ethernet0/3 : address is 001e.f75e.7991, irq 9
4: Ext: Management0/0 : address is 001e.f75e.7992, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 250 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1210L1E7
Running Permanent Activation Key: 0x5f3cdc43 0x60cb7e9e 0xfcd3f954 0x8ff01034 0x09112187
Configuration register is 0x1

I forgot to add one thing. If I did nothing when the connection goes down, the majority of the time it will start working again in about 15-20 minutes.

If it comes back, what is the uptime? I see your show version shows 1 day of uptime; I think the FW is rebooting automatically.

BB


I had restarted it a day ago and I know it's not restarting on its own.
