Re: ASA5520 stops passing traffic

mbookham · ‎10-07-2008

A couple of times now, an ASA5520 - Software Version 7.1(2) stops passing traffic (no changes made to the ASA for weeks). The interfaces are up/up (one is connected to a 3750 (full/1000Mbps) and the other to a LES100 circuit (full/100Mbps) and no errors are on the interfaces. I can ping from the ASA GUI tools option to remote devices, but cannot ping or telnet through the ASA (normally I can). There are duplicate SYN packet messages which implies to me that the packets are being re-transmitted with no response (indicates a physical connectivity issue - powered off the LES100 circuit but still a problem). A power off/on fixes the issue, but a reload doesn't.

Can someone give me some pointers where I can start to look the next time this occurs?

Thanks

mchin345 · ‎10-13-2008

Traffic through the ASA also stops a passing.

The problem is resolved after rebooting the ASA.

If this is the case then you are hitting this bug CSCse08133

The only solution is to upgrade your IOS

mbookham · ‎10-14-2008

Thanks for taking the time to reply, however that BUG ID is not the issue:

CSCse08133 Bug Details

SSH and other to the box traffic denied because of no connection

Symptom:

After a period of time, administrators are unable to SSH, or ping the interface

of the security appliance.

Conditions:

SSH or ping were successfully working before, but stopped. Checking the syslogs

indicates that the to-the-box traffic is being denied as through-the-box traffic.

Workaround:

Re-enter the IP address on the interface.

My issue is:

I can still access the box ok, but no traffic is passing through it. I can ping devices on both interfaces from the ASA itself.

netadminquid · ‎11-21-2008

Hi,

I have the same identical problem, I'd like to know if you have resolved the problem.

Thank you, and sorry if I could help you.