Cisco ASA connection dropping

rjmarker1 · ‎06-24-2012

I have a Cisco ASA 5505 - 50 VPN edition. I have baffling network issues that I have not been able to pinpoint and I recently started to think it may have something to do with my ASA. I'm a network administrator and I have a Cisco ASA 5505 in my home network so I can learn how to manage Cisco ASA's and utilize the Easy VPN feature so I have a always on VPN connection into work to log into servers, etc. I've been using the ASA for almost 6 months with the EasyVPN feature with no issues. My ISP is Comcast.

Within the last week my connections have been randomly dropping for about 20 seconds and then reconnecting. I have two computers on the network that have a direct ethernet run to the switch ports on the back of the ASA. When the connection drops, I see my LAN icons completely lose connectively (yellow exclamation warning) then after 20 seconds, reconnect. This is very random. I was able to get it to happen every time I connected to XBOX live and play a online game. It would almost on cue drop after 30 minutes of online gamming. Here are the steps I have taken:

1. Replaced 10/100 switch to a brand new 10/100/1000 switch from computer run in my office to the ASA.

no joy

2. I upgraded the ASA to the most recent firmware: ASA Version 8.4, ASDM Version 6.4

no joy

3. I had an ethernet run under my carpet to the office, I started to think that maybe one of the cables had an issue after walking on it and vacumming causing a short. I removed all the ethernet under the carpet and installed power line over ethernet adapter from the ASA to my office.

no joy

4. I checked both computers on the network for viruses. All computers came back clean after scanning wth Malwarebytes and SuperAntispyware.

5. I've watched the logs on the ASA as the LAN connection drops and I don't see error messages that help me troubleshoot this issue.

The only thing left to replace is the Comcast modem or the Cisco ASA. The Comcast modem is newer and only about 1 year old (rented from Comcast). Since my actual LAN connection drops and I lose connectively I believe there may be some issue with the ASA or the ASA switch ports or some sort of internal hardware issue on the ASA. Can anyone point me in the right direction?

rjmarker1 · ‎06-24-2012

I've been monitoring the ASA real-time log and get "System Memory usage reached 81%" every 5 mintues. The memory usage stays pretty steady at 81% even after a ASA reboot. During the monitoring it only reached 82% at it's max. I'm assuming the new 8.4(1) OS i'm running on the ASA eats up the memory. Should I be concerned at the memory usage? Here is my show memory detail output:

Result of the command: "show memory detail"

Free memory: 49104648 bytes (18%)

Used memory:

Allocated memory in use: 59947256 bytes (22%)

Reserved memory: 159383552 bytes (59%)

----------------------------- ------------------

Total memory: 268435456 bytes (100%)

Least free memory: 49040784 bytes (18%)

Most used memory: 219394672 bytes (82%)

MEMPOOL_DMA POOL STATS:

Non-mmapped bytes allocated = 39583744

Number of free chunks = 51

Number of mmapped regions = 0

Mmapped bytes allocated = 0

Max memory footprint = 39583744

Keepcost = 22542768

Max contiguous free mem = 22542768

Allocated memory in use = 17025048

Free memory = 22558696

----- fragmented memory statistics -----

fragment size count total

(bytes) (bytes)

---------------- ---------- --------------

16 1 16

32 1 32

48 1 48**

48 1 48

88 1 88

112 1 112

184 1 184

256 40 11488

384 1 384

512 1 640

2048 1 2624

22542768 1 22542768*

* - top most releasable chunk.

** - contiguous memory on top of heap.

----- allocated memory statistics -----

fragment size count total

(bytes) (bytes)

---------------- ---------- --------------

56 1 56

96 3 288

112 1 112

152 2 304

168 5 840

232 1 232

248 1 248

256 11 2816

512 9 4608

768 3 2304

1024 72 73728

2048 1 2048

4096 3 12288

8192 2 16384

12288 1 12288

16384 3 49152

24576 6 147456

32768 5 163840

65536 12 786432

98304 6 589824

131072 1 131072

196608 2 393216

262144 3 786432

393216 1 393216

786432 1 786432

1048576 1 1048576

1572864 1 1572864

2097152 2 4194304

3145728 1 3145728

MEMPOOL_GLOBAL_SHARED POOL STATS:

Non-mmapped bytes allocated = 109051904

Number of free chunks = 284

Number of mmapped regions = 0

Mmapped bytes allocated = 0

Max memory footprint = 109051904

Keepcost = 48865136

Max contiguous free mem = 48865136

Allocated memory in use = 59947256

Free memory = 49104648

----- fragmented memory statistics -----

fragment size count total

(bytes) (bytes)

---------------- ---------- --------------

16 83 1328

24 74 1776

32 48 1536

40 39 1560

48 1 48**

48 15 720

512 2 1424

768 10 7952

1024 2 2272

4096 5 24200

24576 3 87416

98304 1 108976

48865136 1 48865136*

* - top most releasable chunk.

** - contiguous memory on top of heap.

----- allocated memory statistics -----

fragment size count total

(bytes) (bytes)

---------------- ---------- --------------

48 582 27936

56 2068 115808

64 6130 392320

72 286 20592

80 822 65760

88 287 25256

96 199 19104

104 2160 224640

112 93 10416

120 148 17760

128 204 26112

136 71 9656

144 39 5616

152 560 85120

160 99 15840

168 172 28896

176 193 33968

184 331 60904

192 24 4608

200 65 13000

208 14 2912

216 24 5184

224 15 3360

232 12 2784

240 67 16080

248 89 22072

256 608 155648

384 179 68736

512 339 173568

768 40 30720

1024 468 479232

1536 35 53760

2048 319 653312

3072 51 156672

4096 55 225280

6144 15 92160

8192 37 303104

12288 53 651264

16384 135 2211840

24576 18 442368

32768 33 1081344

49152 13 638976

65536 203 13303808

98304 9 884736

131072 27 3538944

196608 8 1572864

262144 4 1048576

393216 3 1179648

524288 9 4718592

786432 1 786432

1048576 1 1048576

2097152 1 2097152

8388608 2 16777216

Summary for all pools:

Non-mmapped bytes allocated = 148635648

Number of free chunks = 335

Number of mmapped regions = 0

Mmapped bytes allocated = 0

Max memory footprint = 148635648

Keepcost = 71407904

Allocated memory in use = 76972304

Free memory = 71663344

rjmarker1 · ‎06-24-2012

Well, it's seems that my Comcast modem was the root cause of the connection dropping out on me. I've rebooted the modem (had to unplug the built-in backup battery) and my ping times to servers over my VPN improved dramatically.

I'm still concerned about my Cisca ASA memory hanging out at 81-82% usage. Is this something I can ignore?

Jouni Forss · ‎06-27-2012

Hi,

Only thing I can say about the memory usage is that I have never run into situation where memory usage would have become an issue.

Also some old Cisco PIX515 models used to take around 70-90% of the memory when you were using a newer software on them. Dont think we ever run into problems with them though.

You probably need someone from Cisco to answer this question.

- Jouni

tonysimms · ‎07-12-2012

I had a nearly identical issue with an ASA5505 on v8.2 / v8.3 a little over a year ago. Like clockwork my XBL connection would drop. I thought it was exactly at 15 minute intervals if I was sitting idle, then randomly during gameplay.

* Random Xbox Live disconnects (most while sitting in game menu, some during game play)

* Inaccurate display of friends' online status (50% of friends showing offline or wrong status details)

* Inability to join games of friends (friends I've never had problems joining)

I may be a bit off here, but I believe the fix I put in place was to add a Service Policy Rule for http traffic classification. As I recall, it was dropping the XBL connection that was initially being established and not properly maintaining state until I added the class-map and access list. I think the below configs resolved my issue. 192.168.1.99 is the IP of my XBOX.

class-map inspection_http

match access-list acl_inspect

access-list acl_inspect extended permit tcp host 192.168.1.99 any eq www

access-list acl_inspect extended deny ip any any log