NAT Problem

marcio.tormente
Level 4

Hello folks!

I have two ASA 5555X in HA, and a very strange thing is happening.

I have many NAT rules configured, but only the NAT to the internet stops working, and it comes back only after a reboot.

ASA IOS: asa952-smp-k8.bin

Does anyone know anything about this problem?

Thanks

Marcio

12 Replies

Kanwaljeet Singh
Cisco Employee

Hi Marcio,

Any logs during the problem? Do you notice all users getting affected, or only a few users? Could it be a NAT pool exhaustion problem?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Fnu,

Thanks for your support.

There is no log about it; it just stops working, and for all users.

On this ASA there are two links, and both stop.

I don't believe the problem is exhaustion, unless the ASA is worse than Checkpoint, because one month ago I migrated from Checkpoint to ASA, and this problem never happened while the client was using Checkpoint.

Hi Marcio,

Thank you for your reply.

Are you able to ping the default gateway during the problem, i.e. from the firewall to its default gateway? How about the ARP status on both the gateway and the ASA?

Can you share your configuration? Can you do a "clear asp drop" and then take a couple of outputs of "show asp drop" and see which counter is increasing?

Can we take pcaps on the inside and outside interfaces for one user and see if the packets are making it from the inside to the outside interface?

What is the logging level set on the ASA? Can you increase it to debug level during the problem and see what you get? If the firewall is dropping it, it must log the reason for it.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Fnu,

Please find the configuration attached.

Yes, it is possible to ping the ASA; everything remains working, only the NAT to the internet stops.

The problem is not happening now, but when it happens, I don't have enough time to collect information. The client wants the service working ASAP, so a reboot is the best option.

I ran many clear commands, such as clear xlate, but they didn't work.

Hi Marcio,

Thank you for the configuration.

Please tell me which NAT rule stops working. Also, is it random, or does it happen at a specific time or after some time?

How often does the issue happen? Since we are pressed for time, can we at least take two instances of show tech during the problem before the reload is performed?

Also, if the recurrence of the issue is pretty frequent, can we bump up the logging level and wait for the next occurrence?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Fnu,

This problem happens at random times; since I made the migration (last month) it has happened three times, on different days and at different hours of the day.

I can take the show tech next time it happens.

Hi Marcio,

Please specify which traffic is affected?

Also, what NAT is being used for it?

Take the following outputs:

sh nat detail

sh asp drop (continuous outputs at intervals of a few seconds)

show cpu

show blocks

show memory

show process cpu-usage non-zero sorted

Regards,

Aditya

Please rate helpful posts.

Hi Aditya.

Thanks for your support

All the networks behind the Internal interface that want to access the internet are affected.

For these networks I'm using network object NAT.

The command outputs are attached.

Thanks

Hi Marcio,

Is this taken at the time of the issue?

Also, when the issue is there, please clear asp drop and take multiple outputs of show asp drop.

Regards,

Aditya

Hi Aditya,

No, at this time, everything is normal.

In 30 days this problem has happened three times; I just want to understand why and avoid it happening again.

Thanks

What does the output of "show conn count" and "show xlate count" look like when the problem is happening?

Please also check with your ISP if they block any ports.
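Both Kanwal's advice earlier in the thread (clear asp drop, then repeated show asp drop, looking for the counter that climbs) and the show conn count / show xlate count request above are easier to act on under time pressure if the raw CLI output is pasted into a small script instead of read by eye while the client waits for a reload. The following is an added example and is not code from this thread or from Cisco; the snapshots are constructed for illustration (the counter names are typical ASA drop reasons, every number is made up), and the function names are this example's own.

```python
"""Post-process ASA CLI output captured during the outage.

Added example, not from the thread: paste in successive `show asp drop`
snapshots (taken after `clear asp drop`) and the `show conn count` /
`show xlate count` lines, and the script reports which drop counter is
climbing and whether the box is sitting at its high-water mark.
"""
import re
from typing import Dict, List, Tuple

# One counter line of `show asp drop`: description, (reason-code), count.
_DROP_LINE = re.compile(
    r"^\s*(?P<desc>.+?)\s+\((?P<code>[\w-]+)\)\s+(?P<count>\d+)\s*$"
)
# The single line printed by `show conn count` / `show xlate count`.
_COUNT_LINE = re.compile(r"(?P<in_use>\d+)\s+in use,\s+(?P<most>\d+)\s+most used")

# Constructed snapshots, a few seconds apart, after `clear asp drop`.
# Counter names are typical ASA drop reasons; every number is made up.
SNAPSHOTS: List[str] = [
    """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                             12
  First TCP packet not SYN (tcp-not-syn)                                    4

Last clearing: 10:21:05 BRST Mar 3 2016 by enable_15

Flow drop:
""",
    """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                             15
  First TCP packet not SYN (tcp-not-syn)                                   30
  Connection to PAT address without pre-existing xlate (nat-no-xlate-to-pat-pool)   9

Last clearing: 10:21:05 BRST Mar 3 2016 by enable_15

Flow drop:
  NAT failed (nat-xlate-failed)                                           214
""",
    """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                             17
  First TCP packet not SYN (tcp-not-syn)                                   61
  Connection to PAT address without pre-existing xlate (nat-no-xlate-to-pat-pool)  20

Last clearing: 10:21:05 BRST Mar 3 2016 by enable_15

Flow drop:
  NAT failed (nat-xlate-failed)                                           507
""",
]


def parse_asp_drop(text: str) -> Dict[str, int]:
    """Return {reason-code: count} for every counter line in one snapshot."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        m = _DROP_LINE.match(line)
        if m:
            counters[m.group("code")] = int(m.group("count"))
    return counters


def rising_drops(snapshots: List[str]) -> List[Tuple[str, int]]:
    """Total increase of each counter from the first snapshot to the last,
    largest first. Counters that only appear in later snapshots (the ASA
    typically omits counters that are zero, so this is normal right after
    a clear) are counted from zero. The top entry is the reason to chase."""
    deltas: Dict[str, int] = {}
    prev = parse_asp_drop(snapshots[0])
    for snap in snapshots[1:]:
        cur = parse_asp_drop(snap)
        for code, count in cur.items():
            d = count - prev.get(code, 0)
            if d > 0:
                deltas[code] = deltas.get(code, 0) + d
        prev = cur
    return sorted(deltas.items(), key=lambda kv: kv[1], reverse=True)


def parse_count(text: str) -> Tuple[int, int]:
    """Parse `show conn count` / `show xlate count` into (in use, most used)."""
    m = _COUNT_LINE.search(text)
    if not m:
        raise ValueError("no 'N in use, M most used' line found")
    return int(m.group("in_use")), int(m.group("most"))


def at_high_water(text: str) -> bool:
    """True when the current count equals the high-water mark, i.e. the box
    is at its busiest since the last reload right now. A NAT failure that
    only shows up in that state points at xlate/PAT capacity rather than
    at a rule or routing problem."""
    in_use, most_used = parse_count(text)
    return in_use == most_used


if __name__ == "__main__":
    for code, delta in rising_drops(SNAPSHOTS):
        print(f"{code:35s} +{delta}")
    print(at_high_water("3380 in use, 3380 most used"))
```

With the constructed snapshots the top line is nat-xlate-failed, which is the kind of result that separates "NAT itself is failing" from "the packets never reach the NAT step" (acl-drop or a routing counter climbing instead) in the few seconds available before the reload. Capturing the counts with their prompts, as the later post in this thread does, is fine: parse_count searches for the "in use, most used" line anywhere in the text.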

Hello Tristan,

The problem is not happening now, which is why the show output is normal, but I'm trying to understand why it suddenly happens.

ASA-SSP-Pri# sh conn count
2583 in use, 3380 most used

ASA-SSP-Pri# sh xlate count
2274 in use, 3258 most used
