cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3403
Views
0
Helpful
6
Replies

Random ASA5505 config reloads?

Alan Herriman
Level 1
Level 1

I've been trying to track down intermitent problems with one of our branch office ASA5505's .The way we have been tracking it is primarily through ping/icmp connectivity. Occasionily our tracking software will report that is stops responding to ping requests then in almost less than a minute it will start replying again. I'm allowing icmp to that interface and it is internal. Examing the logs it almost looks like the config is being reloaded but I've never seen this kinda of log before so I'm not sure if it is just sending it's config to a host or actually reloading its config.

Here is the first part of it:

2011-10-17 07:05:05          Local4.Notice          192.168.22.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'logging host inside 192.168.2.20' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'logging host inside 192.168.2.21' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN1 192.168.254.9 1 track 1' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN98 192.168.254.9 1 track 2' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN202 192.168.254.9 1 track 3' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside 192.168.254.28 192.168.254.9 1 track 4' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN80 192.168.254.9 1 track 80' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN81 192.168.254.9 1 track 81' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN82 192.168.254.9 1 track 82' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route outside 0.0.0.0 173.162.39.138 1' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside LAN 192.168.254.9 1' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside VLAN112 192.168.254.9 1' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'route inside 192.168.254.1 192.168.254.9 1' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'dynamic-access-policy-record DfltAccessPolicy' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'aaa local authentication attempts max-fail 5' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'http server enable 4443' command.

2011-10-17 07:05:05          Local4.Notice          192.168.254.10          Oct 17 2011 07:05:05: %ASA-5-111008: User 'Config' executed the 'http 0.0.0.0 inside' command.

I've santized certain parts, but it does look like its realoding the config, has anyone run into this, or possibly know why this would happen?

Thanks in advance,

Alan

6 Replies 6

varrao
Level 10
Level 10

Hi Alan,

These logs are due to command execution by users on the ASA. It does not point towards any ASA reload. Try looking in the logs any possible cause for the ASA not responding. Take captures and check the arp entries when the ASA stops responding.

Captures:

https://supportforums.cisco.com/docs/DOC-17814

Varun

Thanks,
Varun Rao

I did a couple caputure but nothing stuck out as being a huge issue. I've been running a conintous ping on the interface all day and had no problems. The issue is so intermintent it is difficult to troubleshoot. Here is a diagram to help illistrate waht I'm talking about.

My computer is off SW4 as is the monitoring software that detects the firewall stops responding to icmp. The device in question is the one called remote firewall. There is a T1 it has to cross, but I don't think that is realated.

I am having an exact problem. Every 6h or so configurations is reloaded and that disrupts the operation of the FW for about 1 minute. It drops all connections during the time.

Have you ever found a solution ?

 

Let me know. Thanks

Hi Khoa, 

 

This was a pretty old problem of mine. I did end up finding a more stable version of code and migrating to that. Hopefully, that helps. I did not end up find the specific bug causing the issue. 

 

Best regards,

Alan

Thank you Alan. Any chance that your FW was a part of High Availability cluster ? I removed mine from a HA cluster and started having this issue.

 

Mine are 2 identical ASA5510s with the same code 8.2(5). I manually removed all of the "Failover" commands but the config keeps reloading itself every few hours with the same syslogs that you had.

Nerka
Level 1
Level 1
It is failover function. "show failover"
If failover  disabled also requires additional disable system configuration
conf ter
failover
failover standby config-lock
no failover
end
Review Cisco Networking for a $25 gift card