Internet died once again. I

James Sheridan · ‎02-14-2015

Hi there, I have a Cisco ASA 5505 running at my house. It has been running fine for the past year but lately the outside interface seems to be failing. Basically my internet connection seems to be going down, all internal devices are still able to communicate with each other. This happens about every 12 hours or so.

To resolve the issue i reboot the ASA and everything works fine for roughly 12 hours, then it fails again. Not sure what is going on. If anyone could help that would be awesome. Thanks

ASA Version: 8.4(2)

Marius Gunnerud · ‎02-14-2015

do you see any drops on the physical interface or the vlan interface? I am thinking more along the lines of 1 minute packet drops and 5 minute packet drops. Also do you see any CRC errors, underuns, overruns, runts, giants....etc.?

show interface eth0/0

show int vlan2 (unless you have changed it the outside VLAN should be vlan2)

If you see any of these then clear the interface counters and keep monitoring to see if they continue to tick upward so you know that they are not old information.

clear interface eth0/0

You could also issue the command show asp drop to see where most of the drops are occuring.

Also, have you tried changing the interface you use for the outside? To do that just add another unused interface to VLAN2 or whichever VLAN you use for the outside connection. For example:

enable
configure terminal

interface eth0/4
switchport access vlan 2
no shut

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

James Sheridan · ‎02-14-2015

Thanks for the reply, so when it failed again (predictably roughly 12 hours after the previous time) i checked everything you mentioned, and the interfaces (eth0/0 and vlan2) where all fine. I also tried changing the interface to an unused port, and the link did not come up. I checked the show asp drop and there where a large amount of "Slowpath security checks failed (sp-security-failed)" (over 10000)

I preformed another reboot, and everything came back fine. (In the 5 minutes since reboot there are now 430 drops due to Slowpath security checks failed (sp-security-failed). Not sure if this would cause the connection to fail completely or not.

James Sheridan · ‎02-15-2015

Internet died once again. I tried clearing the arp table. This seemed to fix the symptom. Still not sure what's causing the issue.

Marius Gunnerud · ‎02-15-2015

Are you running a webserver behind your ASA? or any other services? Or is this just being used as a boundry between your home network and the internet?

When you have lost connection to the internet, could you run the following commands aswell:

show conn detail

capture ASP type asp-drop sp-security-failed

show capture

to remove the capture issue the command

no capture ASP (where ASP is the name of the capture.)

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

James Sheridan · ‎02-15-2015

The ASA is being used as a boundary between my home network and the internet, as well as using it for VPN into office network for one device.

It went out again, this time, twice within an hour. I have attached a log file containing the commands/output you suggested.

Again, clear arp allowed internet communication to return.

Additional notes, not sure if it's relevant or not, but the only changes made to my network recently where upgrading a client to windows 10, and adding a raspberry pi device to the network. I had these two powered down for the whole duration of a network outage, restore, and outage again. So i don't think this is the issue, but these are the only things different from the time the network was stable to now.

Thanks so much for your help with this, i look forward to hearing back from you.

Thanks

Cisco 5505 outside interface failing