Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1428
Views
4
Helpful
3
Replies

ASA 5512 dropping Internet connection intermittently

Burgundy Burgundy
Level 1
Level 1

‎12-13-2016 12:29 PM - edited ‎02-21-2020 05:58 AM

Hi,

I have an issue with two ASA 5512 9.5(1) with Firepower Services.

The Outside interface of each firewall loses connection to the ISP gateway intermittently which results in losing Internet connection on all devices behind it. All interfaces are UP, but I can't ping ISP's gateway from the outside interface.

Each ASA is connected to a WAN port on the ISP switch (cisco catalyst 2960).

The internet drops can happen on both ASA or on one at a time and the connection is always restored after 5 to 10 minutes.

How can I tell if this problem is on our side or the ISP's ? 

I can give you further information if needed.

Thanks.

0 Helpful
3 Replies 3

mattjones03
Level 1
Level 1

‎12-13-2016 01:57 PM

Hi,

Can you send the output for the following command;

Show interface outside

In the meantime, some things to check;

  1. The interface speed and duplex.
  2. Request that the ISP provide you interface statistics for the router/switches interface that they provide you.
  3. Determine if the cabling between your ISP router/switch is faulty
    (We will be able to determine this potentially, with the output I have requested)
0 Helpful

Burgundy Burgundy
Level 1
Level 1
In response to mattjones03

‎12-13-2016 02:03 PM

Thanks for your reply.

Here is the output of the command:

Interface GigabitEthernet0/0 "Outside", is up, line protocol is up
Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address xxxx.xxxx.xxxx, MTU 1500
IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.248
174125 packets input, 55584774 bytes, 0 no buffer
Received 4911 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
163948 packets output, 63145139 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (478/436)
output queue (blocks free curr/low): hardware (453/374)
Traffic Statistics for "Outside":
174124 packets input, 52414613 bytes
163948 packets output, 60128348 bytes
1131 packets dropped
1 minute input rate 9 pkts/sec, 792 bytes/sec
1 minute output rate 9 pkts/sec, 1777 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 7 pkts/sec, 2015 bytes/sec
5 minute output rate 7 pkts/sec, 2028 bytes/sec
5 minute drop rate, 0 pkts/sec

0 Helpful

mattjones03
Level 1
Level 1
In response to Burgundy Burgundy

‎12-13-2016 02:27 PM

Thanks,

CRC errors are zero, so looks good from a layer 1 perspective. Might be worth changing the cable just to be sure however.

Confirm the speed and duplex settings, that your ISP has applied on their interface also.

I would raise this up with your ISP, and determine if they have anything going on upstream that could be causing this.

Additionally, are you observing any firewall failovers between your 5512 appliances?

Would certainly be worth speaking with your ISP, as there are a good few possible scenarios;

  1. Dynamic routing issue (ISP side)
  2. ARP cache timeout (ISP side)
  3. If the connections are resilient, and your ISP is using switches to deliver this, it could simply be a spanning-tree issues on the hardware that they have provided (ISP side)

Really worth you raising a support ticket with the provider.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card