Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
0
Helpful
1
Replies

Causing some network problem after connecting the new ASA to my network

riderfaiz
Level 1
Level 1

‎11-15-2012 02:39 PM - edited ‎03-11-2019 05:24 PM

Hi everyone,

Hope you can help on this issue.... It is strange to me...but may not be to you

Currently, I have a subnet connects to my primary network. All the internet travel thru a router there in turn thru a pair of ASA failover firewall (ie Subet -> router -> Subnet ASA -> Pirmary network ASA -> Primary network router -> Internet).

Now we try to setup a internet pipe so the subnet can go to internet by its own. So...for security purpose, we put another new ASA in between.the subnet and the new internet. This will be the first, and the old path to Interent would be the back up route.

NOW

I have not even make any route cahgnes on the router yet. What I did was to connect the new ASA to the subnet. Again, I do not change any routes, or any gateway settings on all the computers yet in the subnet!! I just connect the asa. That is it...please remember this.

However, problem happens. I have a application server in the same subnet.... that keeps kick out users. I also have continuous ping to it... I saw that the server has requesdted time out...it did not come back up until about 10 to 20 seconds later. The server, in fact, is a cluster server. Although I can ping the physical server, I cannot ping the virutal server.

In order to fix the problem, I really need to unplug the new ASA from the network, and reload the cluster server. Then it starts to work.

ANother symptom is that...people complaint the log on is obviously slower than usual.

May I ask why the new ASA will cuase this trouble?? Again, no routes on the router have been change. And all PCs in the subnet are still using old gateway, and did not nkow about the new ASA.

Any ideas would be great!! Very strange to me. Thank you very much for your help.

Riderfaiz

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎11-16-2012 05:31 AM

First guest would be proxy ARP.

Proxy ARP is enabled by default on the ASA. The new ASA might be proxy ARPing for whatever reason.

OR the new ASA might have been configured with an ip address that belongs to another device by mistake.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card