Hello Julio,

I don't have the access to the ASA right now I can give that details tomorrow. But we have replaced a router which used to act as a firewall with the ASA and I have copied the mac address of the external interface  from the router and assigned it to the external interface of the ASA. If it is an ARP issue what might be it and what is the best way to resolve it..!!

Thank you very much for your reply...!!

--

Raj

Hello,

Let's first work on the tests I have asked before,

Then we will move forward.

so tomorrow when the issue happens:

do a ping from the ASA to the comcast router.

Then clear the ARP table on the ASA, do the ping again and check whether there is an ARP entry or not.

Afterwards clear the ARP on the Comcast routed and do the ping (and again check the ARP table)

Are they directly connected?

Regards

Hello Julio,

sorry for the late reply..!! Yes they are directly connected. We though that the issue was with my comcast smg modem and replaced it with the netgear CG3000d but this time i was not able to go out as well as come in.

From the ASA I was not even able to ping the default gateway (modem is my default gateway)

I can't test it becuase it has to be taken down and put the router back to have the traffic going.

this time I had no CRC errors but there were interface resets on my external interface and there are collissions and interface resets on my internal interface. it's been two weeks since i was facing this problem...!!

thanks

Hello Rajashekar,

Okey,

Let's do something.

Next time the issue happens do a clear arp and then see if you can connect?

Note: I would go ahead and configure the COMCAST modem with a static ARP entry pointing to the ASA.

If you ask why to use a Clear ARP is because with that we will force the ASA to send a gratitious ARP that will update the ARP table on the Comcast Router.

Let me know how it goes.

Jcarvaja

Follow me on http://laguiadelnetworking.com

Hello Oscar,

i don't think its the license issue

Hi,

I dont think about a licensing issue as Julito mentioned, maybe you can clear the interface counters by using the clear interface command and then issue the show interface after about 1 minute to see errors incrementing, I see that you dont have CRCs any more but we could verify how are the interfaces setup.,

If you are not able to ping your DG any more maybe we can look for the ARP issue mentioned

In the meantime you could share the previous command requested and maybe the following outputs if possible

show route

sh run nat (show run global for previous 8.3 versions)

Regards,

Hello,

It's not a requirement.

I mean leave it the way it is and then add the static arp entry as I recommended.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

We need configuration, show tech, this could be so many things, that ARP, NAT, PAT, bug, DHCP, bla, bla, bla

If it is working with the router and not the ASA ARP would not be my first troubleshooting step but it also needs to be checked.

Enable logging on the ASA and check to see if you see anything on them:

enable

config t

logging asdm debugging

logging buffered debugging

logging buffer-size 1048576

clear log buffer

You can check the logs via ASDM or log into CLI via putty and record the log output and then tell us the time of the failure.

enable

show log

Also confirm that the router has been removed completely when the issue happens.

Do we have any updates? Do you still need assistance?

Please update the ticket as resolved or answered so we can close out followup.