Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
5
Helpful
3
Replies

switch ASA outside interface connection

gnaveen
Level 1
Level 1

‎03-11-2011 01:39 PM - edited ‎03-11-2019 01:05 PM

Our ASA 5510 is running 8.0(5). We recently upgraded the license from base to security plus. By doing so the capacity of the the external port Ethernet0/0 and Ethernet0/1 should increase from the original FE to GE. But, we were still seeing 100 Mbps on our Ethernet0/0 interface. We figured that out that the provider switch is only supporting 100 Mbps which is a bottleneck for us.The provider will be upgrading there switches to 1 Gb switch.

We will have to swap the switch connections now from 100 Mbps to 1 Gb switch.

What best practice should we be aware of to do this?

What commands should we be familar ourself with?

Though this will be doine in our maintenace window.

All the transaltions/connections will be dropped in our production environment so we are kind of scared.

Appreciate if someone has some suggestions as how we can do this with minimum downtime.

-NG

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎03-11-2011 03:00 PM

Hi  NG,

You are correct about the 2 Gig capable ports e0/0 and e0/1  after license  upgrade,  most likely  the far end port can only do  handle  up to 100mb.

When you and teh ISP upgrade to Gig cable switches  I suggest  to use auto  for the speed and duplex   at both ends, this way you can see the actual bandwidth/speed  when issuing show interfaces on the firewall.

What best practice should we be aware of to do this?

 

There is no realy a best practice when doing these chnages other than using common sense ,

The usual stuff ,  never do these chnages during production hours. Coordinate with your ISP  and have a resource  handy from their end  when making chnages on  the port settings ISP side .  There will always be a quick hiccup  when changing speed duplex   but if you and the ISP make the changes right away at the same time  you probably will not even feel the network disconnects  3 to 4 seconds  at the most.

on your side  you can simply go to the interface and issue those commands

What commands should we be familar ourself with?

interface Ethernet0/0

speed auto

duplex auto

interface Ethernet0/1

speed auto

duplex auto

show interfaces

Regards

Jorge Rodriguez
0 Helpful

gnaveen
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎03-11-2011 04:51 PM

Thanks Jorge! My real concern is if there any way to avoid this hicchup. As what I understand during the network disconnect all the "Connections" will essentially disconect. Only the "translations" still might be able to stand the hicchups.

0 Helpful

gnaveen
Level 1
Level 1
In response to gnaveen

‎03-13-2011 10:03 AM

Assuming, that it takes 10 minutes for this ordeal where the ISP brings down our ASA outside Ethernet0/0 connection.

Do you think changing the UDP connection timeout from the default 2 min to 10 min can avoid this hiccup?

This is what is configured right now on the ASA

!
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
!

ASA5510#show conn detail
UDP outside:74.210.112.106/1061 WEB:10.39.128.10/1191,
    flags -, idle 0s, uptime 17h5m, timeout 2m0s, bytes 618455
TCP outside:10.41.1.123/1203 inside:10.39.1.91/1151,
    flags UIO, idle 23s, uptime 17h7m, timeout 1h0m, bytes 137721

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card