Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1294
Views
0
Helpful
0
Replies

Cisco ASA 5550 terminating sessions/tuning?

zachrhart@gmail.com
Level 1
Level 1

‎11-14-2019 05:39 AM - edited ‎11-14-2019 05:40 AM

Hey All,

I'm running an ASA 5550 out of my home network and, overall, things are pretty good. It acts as my gateway (ISP Gateway is in full passthrough mode, all frames get sent to the ASA), and does it's job well.

I recently installed a 5508 WLC with 2206 APs running PoE to get wifi coverage through the entire house, and set that up behind my primary router, a Cisco 3945.

I do, however, have a really weird issue stemming from the ASA. It seems to randomly terminate sessions on devices, or maybe after a 30-60 second inactivity timeout? For example, my laptop (which plugs directly into the switch and traverses the router/firewall combo) has no issues until I walk away for a couple minutes, and then gets zero connectivity with any browser. if I initiate a ping from the device to (anywhere on) the internet, full connectivity comes back (which is why I think it's possibly a session layer issue--does the ASA cut traffic to inactive nodes and require a L3 request to start the traffic flow again?). Same deal with my Amazon Echo's and other wifi devices like my phone that traverse the regular (secured) network. If I go to play some music, no problems. If I stop music for a few minutes (or an hour or whatever), and try to start again, the echo immediately reports that it can't reach the internet (but still has an IP address). Rebooting the echo to reset all the sessions (this also gives it a new IP address-theres no way to issue a ping from an echo) fixes the issue, it'll get back online. Sometimes my phone will lose connectivity and bouncing the wifi adapter fixes it. I can be pretty certain that the firewall is the issue here because I re-routed everything out the soft zone-based firewall on the router to test, eliminating the ASA from the path, and all the issues stopped immediately, full connectivity everywhere 100% no session drops for a full 48 hours.

Obviously, I want to run the ASA on my network. I like running my traffic through it. Does anyone know if there's any session timeouts (or a way to adjust the session timeout timer?), or had a similar issue, or can think of a good solution to test? Turning the firewall off would fix it, but that's my least preferred option. Very stripped down picture of my topology attached. Thanks.

Labels:
Preview file
88 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card