Hello,
I have an ASA5510 connected to an external vendor on the outside inf, and to my mpls network on the inside inf. It's running in L2 mode, and not blocking anything right yet. My routers, switch, ASA, and vendor switch are all in the same sub-net.
For some reason ping tests through the ASA take 15 sec to get a response, and will run fine for around 45 sec or so, then hang for 20sec. and then resume. This cycle repeats. Taking the ASA out of the path removes this issue so I'm certain it's the ASA.
I spoke with a TAC engineer and he said that the ASA inside and outside inf had to be in different VLANs. I don't know why that would matter as the inside and outside inf are on different switches. If they were on the same switch I could understand this being true.
I do remember reading that the ASA doesn't pass BPDUs, and the 20 sec drop would seem right for a spanning tree block, but I don't see anything getting dropped with I debug icmp on the ASA. I'm baffled at this point.
Any suggestions?