ASA with Internet down
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2008 12:27 PM - edited 02-21-2020 03:03 AM
Hello:
I have an ASA 5520, with few users (50), sometimes the Internet goes down.
First I thought that was an ISP problem.
But if I restart the ASA, the internet goes up.
I don't really want to restart each time my ASA, but it looks like there is no another solution.
Can you help??
The ASA is acting as a DHCP server.
Where do I have to check if the ASA is the problem??
- Labels:
-
Other Network Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2008 12:43 PM
What version are you running on the ASA?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2008 12:50 PM
ASA Version 7,2(3)
Firewall Mode: Routed
Context Mode: Single
There is also installed this module:
Cisco ASA SSM-20
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2008 12:56 PM
When you lose connectivity, can you still connect to the ASA? If so, can you ping your default gateway while it is down?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2008 01:08 PM
I am not really sure.
I will try this the next time it happens.
The router has 2 months, and in the last week, 3 times we have this problem.
I will enter a message as soon as I can.
I access via ASDM, I there seems no problem. Anyway, is there another test do I have to do?.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2008 03:36 PM
First of all,you need to make sure that the licensing on asa is correct.It should have a license to allow more then 50 users to access internet.( are u sure there are less then 50 ppl )....
does the internet goes down for everyone or for few ppl.
do u have a static ip or dhcp from isp.
There is a known issue of asa not negotiating ip address after the dhcp lease expires.
if you have a dhcp ip address from isp,try upgrading to 7.2.4 and see if that makes a difference.
####
Regards,
Sushil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2008 12:36 PM
Sure that I have less than 50 users.
I have a static IP from the ISP.
When the internet goes down, it does for everyone.
Now, I am monitoring the ASA with only 3 users, lets see what happens.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2008 01:21 PM
Hi to everybody again.
I install the ASA with only 2 usuers, all seems to be right, but today after 2 weeks the internet goes down.
I check the ISP and there was no problem.
I can PING my gateway. Also I access the ASA via ADSM and I didn't see anything suspicius.
I have to reset the ASA, and the internet came up again.
clues??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-14-2008 01:21 PM
Is your ASA configured to use a syslog server? My PIX 515e (before I replaced it with my ASA) would close all ports, disconnecting Internet, when the syslog server went down. Restarting the PIX would bring it back up. Perhaps the ASA does the same thing - it's a security default behavior.
-- Bill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-14-2008 01:28 PM
No it is not.
I check the logs output and something suspicius is that I found many Log ID 302013 and 302014, and finally the LOG ID 321001 (buffer)
Some relation???
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-14-2008 01:35 PM
Can you post the messages from the log?
I have a couple of questions:
Is your ASA connected to an ISP's router?
What type of line do you have coming into your building?
If it's DSL, is it a pppoe account?
Do you have a tunnel connected from you to somewhere else that you actually get your internet from?
Can you post a config?
Thanks,
--John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2008 08:41 AM
Hi.
I have this escenario.
Internet->ASA5520->ASA5510->LAN
The ASA 5520 is directly connected to the Internet, via ADSL. It is not a pppoe account.
I dont have any tunnel.
I tried only with Internet->ASA5520->LAN, and I had the same error. Actually is working with the 2 ASA, and they are working fine, but whenever it stops working and I have to reset both.
All the configuration was made by ADSM.
Here is the configuration of ASA5520 and 5510
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2009 06:11 AM
Hi
Since ASA5520 is a unlimited users edition - it can not be a licensencing problem.
I do think this problem is related to the IPS Module, the IPS is known to lock up when using older versions. Please upgrade software in you IPS.
Also check the Interrim releases of the 7.2.3 This might be a bug that locks up your ASA.
Before upgrading your IPS - a simple reconfig to disable it, when problem is there, will solve your internet throughput lockup.
Best Regards
Ove CCIE#21940
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2009 01:59 AM
Hi
issue the command "show shun" from CLI, and if you got any output, check it against your LAN addresses and your outside IP addresses.