We have an ASA 5515 with dual ISP providers (Comcast & AT&T) set up. We have made no changes in regard to the Comcast interface nor the AT&T interface for about a year. All of sudden yesterday we were getting intermittent disconnects and reconnects (about 2-3 minutes up &5-10 minutes down) from our Comcast interfaces. Since there have been no changes made to firewall config and our Windstream connection was fine, I assumed it was on the ISP's end. They are telling me it's a firewall issue. I understand their reasoning however I'd like to get your opinion on the matter.
Here's the troubleshooting steps I've taken far; Comcast is saying everything is fine because if they take my public IP (ex; xxx.xxx.xxx.100) and set on another device like my laptop, everything works fine and does not drop, it's as soon as I plug it into the firewall when it starts dropping in/out. So, I double-checked everything NAT rules, ACL, route maps, etc. Everything looks fine and nothing's changed as expected. I went back to comcast, and they asked me to try another IP in the block, so I changed .100 to .101 and it worked perfect, no drops and consistent. But when I change back to .100 the disconnect issues immediately resume. I go back to comcast, and they tell me it must be a hardware issue with my firewall. I tell them that is highly unlikely as I have 2 firewalls stacked for failover and chances of both of them going out with the exact same issue is highly unlikely. They are still sticking with the issue being on my end. So, I tried restoring my firewall to a known working date, and the exact same issue starts happening (note there have been almost no config changes for a year).
Essentially this xxx.xxx.xxx.100 address will not hold a consistent connection, only on the firewall.
I am at a loss at this point and go home for the night. The next morning, I come in and everything's working fine now with that address, again no config changes have been made for about a year. 4 hours after I left it the .100 address stabilized and has been up since then. This is great but I want to know why this happened to make sure it doesn't happen again or if the issue is even on my end. What do y'all think? I'm leaning more to layer 3 on ISP end now, but I'm not sure because of the laptop test.
Hello So this FW HA pair are the only provider edge devices connecting to two isp circuits and nothing has been change to them before this failure?
Are you able to perform packet capture from the fw when this occurs ?
Please rate and mark as an accepted solution if you have found any of the information provided useful. This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
That is correct setup and zero changes performed on the config end. What is confusing me is the issue corrected itself overnight afterhours and before that it was running consistently for over a year. Thats what made me think the issue was on the ISP's end originally. It has been solid again for over 48 hours. If it happens again, I will run a packet capture.