We have been experiencing some issues with occasional dropped connections to VPN clients. In investgating, we used the mtr utility to trace from inside out LAN to an external host. The first-hop packet loss (from the host to the ASA) seemed excessive, sometimes reaching 50%. The only thing between the host and the ASA is a gigabit switch. A ping flood from the same host to the same destinations show a 0% packet loss.
Looking at the inside interface, using the ASDM Interface Grapher for Drop Packet Count shows a nearly consistent 510-512 Kpackets lost.
What can cause thie? Can this be mitigated by reconfiguring the Interface from Auto/Auto to 1000/Full? Where do I begin finding the source of this packet drop, and is it real or some artifact of the ASA firmware?