ASA 5510 running on 7.1

Riyasat Ali · ‎10-07-2012

problem on ASA5510 with 7.1 . when internet restores from isp side i have to reboot the firewall to make internet work for inside users everytime.

I changed the xlate timeout to 00:10:00 from 3 hours , still i am getting teh same problem.

Harish Balakrishnan · ‎10-07-2012

Hello Riyasat,

Once internet restored , are you able to ping you service provider from the ASA ? if you are not able to do so, it could be a problem with your arp, clear arp and try to ping again.

If it is not a problem with the ARP, then we need to suspect NAT or some other parameters

regards

Harish.

Riyasat Ali · ‎10-07-2012

inside users doest get internet till the time i restart the firewall or I initiate a ping from firewall.

Harish Balakrishnan · ‎10-07-2012

OK, you meant to say that , after internet restores, you are able to ping service provider IP ( the gateway of your firewall) and once that is done the inside users are able to access internet is it ?

Harish.

Riyasat Ali · ‎10-07-2012

Yes Hairsh, after Internet is back we can ping the ISP IP and after that only inside users gets internet.

Julio Carvajal · ‎10-07-2012

Hello Riyasat,

I think this is an arp issue.

Next time it happens, do not reboot the ASA.

Just do a

clear arp

and if that does not work

reload the ISP modem.

Let me know what happens

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Riyasat Ali · ‎10-08-2012

Well, after ISP restores , I connect the modem diretly to my pc not to ASA and internet works from my pc but not from firewall, then i have to loging to firewall initiate a ping or reload the firewall to make it work for inside users.

Harish Balakrishnan · ‎10-08-2012

Hello Riyasat,

Can you set a static ARP entry for your ISDp gateway on your firewall

arp < Mac address>

let us your modem IP is 1.1.1.1 and MAC is 1234.4321.1234

then

arp outside 1.1.1.1 1234.4321.1234

Harish.,