Hi guys, got a curly one -
Our ASA appears to randomly stop forwarding traffic between interfaces. Traffic does not forward for several minutes, then it starts again. After a while the traffic stops again for a few minutes, and the cycle repeats.
If you are on a directly connected network you can still ping the ASA's local interface (I have ICMP turned on for testing). However, you cannot ping the ASA from any remote network. I can ping or trace all the way up to the last hop without an issue. You also cannot ping across the ASA to servers on the other side, even from the immediate next hop (which, as I mentioned above, still works).
This would appear to point to a routing problem? Strangely, routing still functions for the management network - I have had no problems reaching the command line from elsewhere in the network.
Has anyone encountered something similar to this before?
Relevant ASA configuration commands below:
interface GigabitEthernet0/1
description DMZ Trunk interface
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.220
description F5 DMZ Internal
vlan 220
nameif DMZInternal
security-level 50
ip address 172.17.20.1 255.255.255.0 standby 172.17.20.2
!
interface GigabitEthernet0/2
nameif Internal
security-level 100
ip address 172.17.99.254 255.255.255.0 standby 172.17.99.253
!
icmp permit any DMZInternal
icmp permit any Internal
!
route management 0.0.0.0 0.0.0.0 172.17.42.1 1
route Internal 172.16.0.0 255.240.0.0 172.17.99.1 1
EDIT: sorry, forgot to post -
#sh ver
Cisco Adaptive Security Appliance Software Version 8.3(2)
Device Manager Version 6.4(1)
Compiled on Fri 30-Jul-10 17:49 by builders
System image file is "disk0:/asa832-k8.bin"
Config file at boot was "startup-config"
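As an added worked example (not the poster's own code or anything from Cisco), the script below models the only part of the posted config that decides where a packet leaves the ASA: the two static routes plus the connected subnets of the named interfaces. It parses the quoted lines, does a longest-prefix lookup, and reports, for a given source and destination pair, which interface the request would leave by and which interface the reply would leave by. The config text is a constructed copy of what appears in the post; the management interface's own subnet was not posted, so lookups that fall to the default route only report the static next hop. Whether an asymmetric answer from this check is related to the outage is something only the poster's testing can confirm; the script just makes the table's behaviour explicit.

```python
import ipaddress
import re

# Constructed excerpt of the interface and route commands quoted in the post.
ASA_CONFIG = """
interface GigabitEthernet0/1.220
 nameif DMZInternal
 security-level 50
 ip address 172.17.20.1 255.255.255.0 standby 172.17.20.2
!
interface GigabitEthernet0/2
 nameif Internal
 security-level 100
 ip address 172.17.99.254 255.255.255.0 standby 172.17.99.253
!
route management 0.0.0.0 0.0.0.0 172.17.42.1 1
route Internal 172.16.0.0 255.240.0.0 172.17.99.1 1
"""

# 'route <iface> <network> <mask> <gateway> [metric]'
ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\d+))?$")
# 'ip address <addr> <mask> [standby <addr>]'
IP_RE = re.compile(r"^ip address\s+(\S+)\s+(\S+)")


def parse_routing_table(config):
    """Build a list of route dicts from the static 'route' lines and from the
    connected subnet of every interface block that has a nameif and an address."""
    routes = []
    iface_name = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface_name = None            # new block; nameif not seen yet
        elif line.startswith("nameif "):
            iface_name = line.split()[1]
        elif line.startswith("ip address") and iface_name:
            m = IP_RE.match(line)
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            # Connected route: no gateway, metric 0 so it beats a static of equal length.
            routes.append({"iface": iface_name, "network": net,
                           "gateway": None, "metric": 0})
        elif line.startswith("route "):
            m = ROUTE_RE.match(line)
            if m:
                iface, net, mask, gw, metric = m.groups()
                routes.append({"iface": iface,
                               "network": ipaddress.ip_network(f"{net}/{mask}", strict=False),
                               "gateway": ipaddress.ip_address(gw),
                               "metric": int(metric) if metric else 1})
        elif line == "!":
            iface_name = None
    return routes


def lookup(routes, dst):
    """Longest-prefix match; on equal prefix length the lower metric wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["network"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def symmetric_path(routes, src, dst):
    """Return (interface the request to dst leaves by, interface the reply to src leaves by).
    If the second differs from the interface the request arrived on, the reply is
    taking a different path from the request, which is worth checking on a stateful box."""
    fwd = lookup(routes, dst)
    back = lookup(routes, src)
    return (fwd["iface"] if fwd else None, back["iface"] if back else None)


if __name__ == "__main__":
    table = parse_routing_table(ASA_CONFIG)
    for r in table:
        print(f"{r['network']!s:20} via {r['gateway'] or 'connected':14} on {r['iface']}")
    # Constructed test sources: one inside 172.16.0.0/12, one outside it.
    for src in ("172.20.1.1", "10.1.1.1"):
        out, back = symmetric_path(table, src, "172.17.20.50")
        print(f"{src} -> 172.17.20.50: request leaves {out}, reply leaves {back}")
```

Run it as-is and the table printout shows that any source address outside 172.16.0.0/12 matches only the default route on management, so the reply to such a source leaves by management even when the request came in on Internal from 172.17.99.1; sources inside 172.16.0.0/12 get their reply back out Internal. Note that this models static and connected routes only, not NAT, ACLs or failover state.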