10-07-2012 05:56 AM - edited 03-11-2019 05:05 PM
problem on ASA5510 with 7.1 . when internet restores from isp side i have to reboot the firewall to make internet work for inside users everytime.
I changed the xlate timeout to 00:10:00 from 3 hours , still i am getting teh same problem.
10-07-2012 06:30 AM
Hello Riyasat,
Once internet restored , are you able to ping you service provider from the ASA ? if you are not able to do so, it could be a problem with your arp, clear arp and try to ping again.
If it is not a problem with the ARP, then we need to suspect NAT or some other parameters
regards
Harish.
10-07-2012 06:46 AM
inside users doest get internet till the time i restart the firewall or I initiate a ping from firewall.
10-07-2012 07:07 AM
OK, you meant to say that , after internet restores, you are able to ping service provider IP ( the gateway of your firewall) and once that is done the inside users are able to access internet is it ?
Harish.
10-07-2012 07:29 AM
Yes Hairsh, after Internet is back we can ping the ISP IP and after that only inside users gets internet.
10-07-2012 08:43 AM
Hello Riyasat,
I think this is an arp issue.
Next time it happens, do not reboot the ASA.
Just do a
clear arp
and if that does not work
reload the ISP modem.
Let me know what happens
10-08-2012 12:13 AM
Well, after ISP restores , I connect the modem diretly to my pc not to ASA and internet works from my pc but not from firewall, then i have to loging to firewall initiate a ping or reload the firewall to make it work for inside users.
10-08-2012 12:17 AM
Hello Riyasat,
Can you set a static ARP entry for your ISDp gateway on your firewall
arp
let us your modem IP is 1.1.1.1 and MAC is 1234.4321.1234
then
arp outside 1.1.1.1 1234.4321.1234
Harish.,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide