ASA 5510 stops forwarding incoming traffic to internal servers.

dragand
Level 1

Since the power failure two days ago, my ASA stops forwarding traffic to internal servers, for no apparent reason. Packet trace shows all OK, packet capture buffer stays empty when I try to http into the mail server. The only way to get it working is to change the Outside IP to the one used for mail, then to change it back. It will work OK for a few hours, then stop, with nothing obvious in the logs. I am about to pull the little hair I have left out of my head. Any ideas??? Thanks

Sent from Cisco Technical Support iPad App

1 Accepted Solution

Jennifer Halim
Cisco Employee

Sounds like an ARP issue. I would check whether other devices within the outside interface network are proxy ARPing for the mail server public IP address.

Turn off or disconnect any other devices that might be causing the issue, or might be proxy ARPing on behalf of the ASA.

Check the MAC address when the failure occurs on the outside devices that connect to the ASA outside interface, i.e. router, switch, other firewall, etc. Make sure that the MAC address is not any other MAC address but the ASA outside interface MAC address.

You were correct. Somehow the proxy ARP on the ASA was turned off for the outside interface, but the ASDM was showing it turned on. All good now, 12 hrs +. Thanks for your help.

Sent from Cisco Technical Support iPad App
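
The MAC check from the accepted answer, as an added example that is not part of the original thread: a Python script that reads ARP table snapshots from the device upstream of the ASA (assumed here to print Cisco IOS `show ip arp`-style output) and reports whether the mail server's public IP resolves to the ASA outside MAC, to some other MAC, or to nothing at all. All IPs, MACs, interface names and snapshot labels are constructed placeholders.

```python
import re

# Constructed placeholders; substitute the values from your own network.
ASA_OUTSIDE_MAC = "0011.2233.4455"   # assumed MAC of the ASA outside interface
MAIL_PUBLIC_IP = "203.0.113.12"      # assumed public IP mapped to the mail server

HEADER = "Protocol  Address          Age (min)  Hardware Addr   Type   Interface\n"
# Constructed snapshots of the upstream router's ARP table at three moments.
SNAPSHOTS = {
    "working": HEADER
    + "Internet  203.0.113.10            5   0011.2233.4455  ARPA   GigabitEthernet0/0\n"
    + "Internet  203.0.113.12            2   0011.2233.4455  ARPA   GigabitEthernet0/0\n",
    "other device answering": HEADER
    + "Internet  203.0.113.10            5   0011.2233.4455  ARPA   GigabitEthernet0/0\n"
    + "Internet  203.0.113.12            0   00aa.bbcc.ddee  ARPA   GigabitEthernet0/0\n",
    "nobody answering": HEADER
    + "Internet  203.0.113.10            5   0011.2233.4455  ARPA   GigabitEthernet0/0\n"
    + "Internet  203.0.113.12            0   Incomplete      ARPA\n",
}

# One ARP row: protocol, IP address, age, hardware address, encapsulation type.
ROW = re.compile(r"^Internet[ \t]+(\S+)[ \t]+\S+[ \t]+(\S+)[ \t]+ARPA", re.M)

def normalize(mac):
    """Reduce any common MAC notation to lowercase hex digits only."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def arp_owner(table, ip):
    """Return the normalized MAC bound to ip, or None if missing or unresolved."""
    for addr, hw in ROW.findall(table):
        if addr == ip:
            mac = normalize(hw)
            return mac if len(mac) == 12 else None  # "Incomplete" is not a MAC
    return None

def diagnose(table, ip=MAIL_PUBLIC_IP, asa_mac=ASA_OUTSIDE_MAC):
    owner = arp_owner(table, ip)
    if owner is None:
        # Nothing answers ARP for the IP: consistent with proxy ARP being
        # off on the ASA outside interface, as the poster found.
        return "unanswered"
    if owner != normalize(asa_mac):
        # Another device is answering for the IP: the case the answer describes.
        return "foreign-mac"
    return "ok"

if __name__ == "__main__":
    for label, table in SNAPSHOTS.items():
        print(f"{label}: {diagnose(table)}")
```

Run it against snapshots captured while forwarding works and again while it is failing; the difference between the two results points to which of the two ARP problems is present.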
