Periodic network failure

khyron1969
Level 1
Hello,

I am trying to debug an issue that is causing our traffic to stop flowing through our firewall (ASA 5512-X) to the outside. Here is the history thus far...about a month ago our network would fail...first weekly, now every couple of hours. The only way I could bring it back up was through a system reload. The logs showed only warnings for ACL drops with 3 or 4 errors for dropped traffic attempting to connect thru port 23. There was no indication of an attack in the logs, nor could I see where all interfaces were being blocked to the outside. In addition there are no issues reported above the "error" level.

First of all, no changes have been made to the firewall configuration...the last changes were around a year ago. However, 2 events occurred around the same time...Frontier communications took over our DSL service and our virus protection program license expired.
Today I started seeing the following two errors:
<147>%ASA-3-341008: Storage device not found. Auto-boot of module cxsc cancelled.  Install drive and reload to try again.
<147>%ASA-3-341008: Storage device not found. Auto-boot of module sfr cancelled.  Install drive and reload to try again.
I am not sure if perhaps there is a hardware issue, or if I should be looking elsewhere...
Any insight would be greatly appreciated...

Our current running configuration is as follows:
:
: Serial Number: FCH1831703Z
: Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
:
ASA Version 9.4(1)2
!
hostname ciscoasa
domain-name norco.local
enable password h30Mk3BTV65g2DWh encrypted
names
!
interface GigabitEthernet0/0
 nameif Verizon
 security-level 0
 ip address 100.39.18.94 255.255.255.0
!
interface GigabitEthernet0/1
 description Local Norco Domain
 nameif Norco.local
 security-level 100
 ip address 10.0.0.10 255.255.255.0
!
interface GigabitEthernet0/2
 description SCE-DRAS SERVER
 nameif SCE-DRAS
 security-level 50
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif VOIP
 security-level 50
 ip address 10.20.0.1 255.255.255.0
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa941-2-smp-k8.bin
boot system disk0:/asa933-2-smp-k8.bin
boot system disk0:/asa932-2-smp-k8.bin
boot system disk0:/asa931-smp-k8.bin
ftp mode passive
dns domain-lookup Verizon
dns domain-lookup Norco.local
dns server-group DefaultDNS
 name-server 68.238.64.12
 name-server 10.0.0.1
 name-server 68.238.96.12
 name-server 207.173.225.3
 name-server 216.67.192.3
 domain-name norco.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object service HTTP-19560
 service tcp destination eq 19560
object service HTTP-65535
 service tcp destination eq 65535
object service HTTP-8933
 service tcp destination eq 8933
object service HTTP-8943
 service tcp destination eq 8943
object service RTP
 service udp destination range 19560 65535
object service SIP-TCP-8943
 service tcp destination range 8933 8943
 description IPPHONE - SIP
object service SIP-UDP-8943
 service udp destination range 8933 8943
 description IPPHONE - SIP
object network Camera-Subnet
 subnet 10.10.0.0 255.255.255.0
 description Camera Subnet
object network NPISPY
 host 10.0.0.7
 description CAMERA SUBNET LOCATION
object service smtp
 service tcp destination eq smtp
object network SMTP-SERVER
 host 10.0.0.1
object network norco
 host 10.0.0.10
object service Game-CLient-Traffic
 service udp destination range 27000 27015
object service IN-home-streaming
 service tcp destination range 27036 27037
object service Matchmaking-HLTV
 service udp destination range 27015 27030
object service Outbound
 service udp destination eq 4380
object service STEAM-Downloads
 service tcp destination range 27014 27050
object service In-Home-Streaming
 service udp destination range 27036 27037
object network HTTP-SERVER
 host 10.0.0.1
object network HTTPS-SERVER
 host 10.0.0.1
object service SFTP
 service tcp destination eq ssh
object network 128.177.36.0
 range 128.177.36.1 128.177.36.255
object network 130.81.199.98
 host 130.81.199.98
object service Port4500
 service udp destination eq 4500
object service Port500
 service udp destination eq isakmp
object service Citizen-TCP
 service tcp destination range 8000 8020
object service Citizen-UDP
 service udp destination range 64090 64110
object-group network IPHONE-SERVERS
 description VERIZON IP-PHONE SERVERS
 network-object 128.177.14.0 255.255.255.0
 network-object host 199.19.195.241
 network-object host 199.19.195.243
 network-object host 199.19.195.250
 network-object 128.177.36.0 255.255.255.0
 network-object object 130.81.199.98
 network-object host 64.125.21.61
object-group service GENERAL-ACCESS tcp
 description GENERAL SERVICES ACCESS
 port-object eq ftp
 port-object eq www
 port-object eq https
 port-object eq smtp
 port-object eq ssh
object-group service IP-PHONE-SERVICE
 description PHONE SYSTEM ACCESS RULES
 service-object object HTTP-19560
 service-object object HTTP-65535
 service-object object HTTP-8933
 service-object object HTTP-8943
 service-object object RTP
 service-object object SIP-TCP-8943
 service-object object SIP-UDP-8943
 service-object tcp-udp destination eq 1025
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object udp destination eq domain
 service-object udp destination eq ntp
 service-object tcp-udp destination eq domain
 service-object tcp-udp destination eq www
 service-object tcp-udp destination eq sip
 service-object tcp destination eq domain
 service-object tcp destination eq finger
 service-object tcp destination eq ftp
 service-object tcp destination eq h323
 service-object tcp destination eq smtp
 service-object tcp destination eq ssh
 service-object tcp destination eq telnet
 service-object udp destination eq dnsix
 service-object udp destination eq www
 service-object icmp
 service-object icmp6
 service-object tcp destination eq sip
object-group service General-TCP-UDP-Access
 service-object tcp-udp destination eq domain
 service-object tcp-udp destination eq www
 service-object tcp destination eq domain
 service-object tcp destination eq ftp
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object udp destination eq domain
 service-object udp destination eq www
 service-object udp destination eq ntp
 service-object udp destination eq radius
 service-object tcp destination eq imap4
 service-object tcp destination eq pop3
 service-object object SFTP
 service-object object Port4500
 service-object object Port500
 service-object icmp
object-group service SMTP-2 tcp
 description smtp-2
 port-object eq 587
object-group service SMTPS tcp
 description Secure SMTP
 port-object eq 465
object-group service STEAM
 description STEAM ACCESS
 service-object object Game-CLient-Traffic
 service-object object Matchmaking-HLTV
 service-object object Outbound
 service-object object STEAM-Downloads
 service-object object IN-home-streaming
 service-object object In-Home-Streaming
 service-object object Citizen-TCP
 service-object object Citizen-UDP
object-group service DM_INLINE_TCP_1 tcp
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
 group-object SMTP-2
 group-object SMTPS
object-group service DM_INLINE_TCP_2 tcp
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
 group-object SMTP-2
 group-object SMTPS
access-list Verizon_access_in extended permit object-group IP-PHONE-SERVICE object-group IPHONE-SERVERS any
access-list Verizon_access_in extended permit object-group General-TCP-UDP-Access any4 any
access-list Verizon_access_in extended permit tcp any4 object SMTP-SERVER object-group DM_INLINE_TCP_2
access-list Verizon_access_in extended permit object-group STEAM any host 10.0.0.75
access-list Verizon_access_out extended permit object-group IP-PHONE-SERVICE any object-group IPHONE-SERVERS
access-list Verizon_access_out extended permit object-group General-TCP-UDP-Access any4 any4
access-list Verizon_access_out extended permit tcp object SMTP-SERVER any4 object-group DM_INLINE_TCP_1
access-list Verizon_access_out extended permit object-group STEAM host 10.0.0.75 any
access-list Verizon_access_out extended permit ip any any
access-list VOIP_access_out extended permit ip any any
access-list SMTP_ACL extended permit tcp host 100.39.18.94 any eq smtp
access-list VOIP_access_in extended permit ip any any
access-list global_mpc_1 extended permit object-group IP-PHONE-SERVICE object-group IPHONE-SERVERS 10.0.0.0 255.255.255.0
access-list global_mpc_1 extended permit object-group IP-PHONE-SERVICE 10.0.0.0 255.255.255.0 object-group IPHONE-SERVERS
access-list SCE-DRAS_access_in extended permit object-group General-TCP-UDP-Access any any
!
scansafe general-options
 server primary ip 10.0.0.1 port 80
 retry-count 5
!
pager lines 24
logging enable
logging list Emergency_syslogs level emergencies
logging asdm warnings
logging mail errors
logging from-address john@norco.biz
logging recipient-address john@norco.biz level errors
logging facility 18
logging flash-bufferwrap
logging class auth mail errors
mtu Verizon 1500
mtu Norco.local 1500
mtu SCE-DRAS 1500
mtu VOIP 1500
mtu management 1500
ip verify reverse-path interface Verizon
ip verify reverse-path interface Norco.local
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-741.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network SMTP-SERVER
 nat (Norco.local,Verizon) static interface service tcp smtp smtp
object network HTTP-SERVER
 nat (Norco.local,Verizon) static interface service tcp www www
object network HTTPS-SERVER
 nat (Norco.local,Verizon) static interface service tcp https https
!
nat (Norco.local,Verizon) after-auto source dynamic any interface
nat (SCE-DRAS,Verizon) after-auto source dynamic any interface
nat (VOIP,Verizon) after-auto source dynamic any interface
access-group Verizon_access_in in interface Verizon
access-group Verizon_access_out out interface Verizon
access-group SCE-DRAS_access_in in interface SCE-DRAS
access-group VOIP_access_in in interface VOIP
access-group VOIP_access_out out interface VOIP
route Verizon 0.0.0.0 0.0.0.0 100.39.18.1 1
route Norco.local 10.10.0.0 255.255.255.0 10.0.0.7 2
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.0.0.0 255.255.255.0 Norco.local
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
 enrollment self
 subject-name CN=10.0.0.10,CN=ciscoasa
 crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_1
 enrollment self
 subject-name CN=10.0.0.10,CN=ciscoasa
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
  quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
 certificate a0965f54
  quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_1
 certificate a2965f54
  quit
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcp-client update dns server both
dhcpd dns 10.0.0.1
dhcpd auto_config Norco.local
!
dhcpd address 192.168.10.2-192.168.10.5 SCE-DRAS
dhcpd auto_config Norco.local interface SCE-DRAS
dhcpd update dns both interface SCE-DRAS
!
dhcpd address 10.20.0.11-10.20.0.254 VOIP
dhcpd auto_config Norco.local interface VOIP
dhcpd update dns both interface VOIP
!
dhcpd address 192.168.1.2-192.168.1.10 management
!
dhcprelay server 10.0.0.1 Norco.local
dhcprelay enable SCE-DRAS
dhcprelay enable VOIP
dhcprelay timeout 60
dhcprelay information trust-all
priority-queue Verizon
priority-queue Norco.local
priority-queue VOIP
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 10.0.0.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 10.0.0.75 255.255.255.255
threat-detection scanning-threat shun except ip-address 10.20.0.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 100.39.18.94 255.255.255.255
threat-detection scanning-threat shun except ip-address 128.177.14.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 192.168.1.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 192.168.10.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 199.19.195.241 255.255.255.255
threat-detection scanning-threat shun except ip-address 199.19.195.243 255.255.255.255
threat-detection scanning-threat shun except ip-address 199.19.195.250 255.255.255.255
threat-detection scanning-threat shun except ip-address 64.125.21.61 255.255.255.255
threat-detection scanning-threat shun except object-group IPHONE-SERVERS
threat-detection scanning-threat shun duration 3600
threat-detection statistics host
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-filter use-database
dynamic-filter enable
dynamic-filter drop blacklist
dynamic-filter ambiguous-is-black
dynamic-filter whitelist
 name summerinfant.com
 name www.summerinfant.com
dynamic-filter blacklist
 address 200.123.109.46 255.255.255.255
 address 198.245.94.230 255.255.255.255
 address 199.68.198.110 255.255.255.255
 
I've cut most of the black lists data out as there were quite a few...

ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl trust-point ASDM_Launcher_Access_TrustPoint_1 Norco.local
ssl trust-point ASDM_Launcher_Access_TrustPoint_1 Norco.local vpnlb-ip
webvpn
 anyconnect-essentials
 no error-recovery disable
dynamic-access-policy-record DfltAccessPolicy
!
class-map VOIP-class
 match access-list global_mpc_1
class-map SMTP_CLASS
 match access-list SMTP_ACL
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map SMTP_POLICY
 class SMTP_CLASS
  set connection random-sequence-number disable
policy-map smtp_policy
policy-map type inspect ipsec-pass-thru IPSEC-Pass
 parameters
  esp
  ah
policy-map global_policy
 description QOS for VOIP
 class VOIP-class
  priority
  user-statistics accounting
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect sip 
  inspect skinny 
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect esmtp
  inspect dns preset_dns_map dynamic-filter-snoop
 class class-default
  user-statistics accounting
!
service-policy global_policy global
smtp-server 10.0.0.1
prompt hostname context
no call-home reporting anonymous
call-home
 contact-email-addr john@norco.biz
 profile CiscoTAC-1
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 15
  subscribe-to-alert-group configuration periodic monthly 15
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1210c8c871cfc0abc8d872684a027c8c
: end
5 Replies

Philip D'Ath
VIP Alumni

It sounds like the SSD in the firewall has failed.

%ASA-3-341008: Storage device not found.

If you have a support contract, like Cisco SmartNet, then contact Cisco TAC to arrange an RMA.

Otherwise I would just remove the SSD.  It is on the front right hand side.  Just pull it out.

Thank you for the response...

I don't actually have an SSD installed...I believe there is a boot disk, but I think that is internal to the unit.

I forgot to mention one other important detail...when the flow of traffic outbound stops, it does resume at a later point in time--there is no pattern to the time. But during the day, I cannot wait so I have been doing a system reload.

I initially thought the ASA was shunning traffic, but the same issues occur even after basic threat detection has been turned off.

For example, last night:

Off at 6:57PM, back on at 9:12PM (135 minutes)

Off at 10:23PM, back on at 1:13AM (170 minutes)

Off at 4:01AM, back on at 5:13AM (72 minutes)

Off at 6:23AM...I did a system reload at this point.

There doesn't seem to be any pattern to the UP or Down sequence. Please note, these OFF / ON times I am reporting are from a Power Company device...we are sent emails notifying us when our equipment loses its connection to their server...when the net goes up or down they send us an email. I cannot physically tell by reviewing the ASA logs when the connection is lost. When the net is down, through the GUI interface, all interfaces are showing as UP...and there are no logged messages higher than ERROR.

Thanks again and take care,

John

This could still be so many things.

Perhaps one of the circuits is going down.

Perhaps try leaving a continuous ping going from inside your network to the inside of the firewall, and see if that shows packet loss.

Perhaps use an external monitoring service, and leave a ping going to your firewall's outside interface, and to the default route of the firewall, so you can see if it is the circuit going down.
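
One way to run the continuous pings suggested in the reply above and turn them into outage windows that can be compared against the power company's e-mail times (an added example, not part of the original thread). The three addresses come from the posted configuration; the Linux `ping` flags, the target names, the three-loss threshold and the `localize` heuristic are assumptions.

```python
#!/usr/bin/env python3
"""Timestamped reachability logger for localizing an intermittent outage."""
import subprocess
import time
from datetime import datetime

# Addresses from the posted configuration. Vantage points are an assumption:
# "asa-inside" is probed from a LAN host, the other two from an external monitor.
TARGETS = {
    "asa-inside": "10.0.0.10",
    "asa-outside": "100.39.18.94",
    "isp-gateway": "100.39.18.1",
}


def probe(ip, timeout_s=1):
    """Send one ICMP echo with the system ping (Linux iputils flags assumed)."""
    cmd = ["ping", "-n", "-c", "1", "-W", str(timeout_s), ip]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


def outage_windows(samples, min_failures=3):
    """Collapse (timestamp, ok) samples into (start, end, duration) outages.

    Fewer than min_failures consecutive losses count as ordinary packet loss.
    An outage still open when the data ends is reported with end=None.
    """
    windows, start, run = [], None, 0
    for ts, ok in samples:
        if not ok:
            if run == 0:
                start = ts
            run += 1
        else:
            if run >= min_failures:
                windows.append((start, ts, ts - start))
            start, run = None, 0
    if run >= min_failures:
        windows.append((start, None, None))
    return windows


def localize(down):
    """Heuristic: map the set of unreachable target names to a fault domain."""
    if not down:
        return "no fault observed"
    if "asa-inside" in down:
        return "LAN side or the firewall itself"
    if "isp-gateway" in down:
        return "circuit or ISP"
    return "firewall outside interface or its link to the modem"


def monitor(names, interval_s=5):
    """Probe the named targets forever, printing one line per state change."""
    state = {}
    while True:
        for name in names:
            ok = probe(TARGETS[name])
            if state.get(name) != ok:
                stamp = datetime.now().isoformat(timespec="seconds")
                print(f"{stamp} {name} {'UP' if ok else 'DOWN'}", flush=True)
                state[name] = ok
        time.sleep(interval_s)


if __name__ == "__main__":
    monitor(["asa-inside"])  # run on a host inside the Norco.local network
```

Run the same script on the external monitor with `["asa-outside", "isp-gateway"]`; windows that appear only in the external log point away from the LAN and toward the circuit.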

Last night I removed the ASA 5512-X and replaced it with my old SA520...I am noticing the same failures with the exception that the SA520 comes back up within a minute or two compared to several hours with the ASA 5512.

I put a call into Frontier Communications to see if there is something else wrong on their side...

Glenn Martin
Cisco Employee

Moving discussion to the appropriate community.
