06-06-2013 07:56 AM - edited 03-07-2019 01:45 PM
Not sure how to best phrase this question as it's proving difficult to pinpoint the root cause!
In brief we have an ASA 5505 device (cleaned config attached) with a 48 port gigabit HP ProCurve v1910. The HP is running the latest firmware available and the ASA is on 9.1(1).
We are finding random internet drops occurring for client workstations whereby the only way to resolve is to clear arp on the ASA. We've lowered the ARP timeout to 60 seconds as having it higher seems to cause the issue more frequently. The HP switch is all pretty plug and play with no VLANs or anything out of the ordinary configured - very much a simple setup so far. The symptoms experienced are below:
Random client workstations drop connection and cannot connect to the internet.
ASA cannot ping workstations that have dropped connection.
Client workstations can sometimes ping the ASA which does resume internet connectivity.
Clearing ARP cache on the ASA always resumes internet connectivity for clients when it drops.
The HP switch shows a populated MAC table and has the default timeout of 300 seconds
One workstation refuses to be learned by the ASA where ARP debugs show the ASA waiting for a response but nothing happens. Hardcoding the ARP entry then allows access to the internet along with NAT port redirects to the PC from external sources.
General ARP debugs look fine as far as I can tell, the last drop we had showed the workstation's IP and ARP entry still in the table so it hadn't timed out yet but communication still stopped so we're starting to think the switch is at fault.
These issues were present on the original HP firmware so have since updated. The ASA was on 9.1(2) so we tried downgrading to 9.1(1) as we have this version deployed in other locations without problems.
We've also tried enabling/disabling some of the arp proxy settings but nothing seems to make a difference so barring faulty kit/cabling we've hit a brick wall! Any help or suggestions much appreciated!
TIA
06-06-2013 09:04 AM
When the problem happens what do you get on the ASA in the output of show arp looking for the address and mac of the client that is having problems?
HTH
Rick
06-06-2013 09:29 AM
For the clients that drop it appears to be mixed. Sometimes we'll see their IP/MAC when we issue a show arp, other times we won't see them at all.
One instance we saw the entry for the client, could not ping the client, removed the individual arp entry and manually added back as a static but still couldn't ping the workstation from the ASA.
As soon as we issued a clear arp it seemed to resolve and we could again ping the workstation and the workstation was able to access the internet.
Very confused!
07-16-2013 11:52 AM
Make sure your Inside Hosts licence is unlimited. Issue a "show version" command to verify.
07-16-2013 12:49 PM
Hello Martyn,
I agree with lamanaryp. The 5505's base license has 10 inside-hosts, this can be upgraded to 50, or unlimited I believe. The behavior you describe seems to point to this.
-Gabriel
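The license check suggested in the last two replies can be scripted against saved command output. This is an added example, not code from any poster in the thread: it reads the "Inside Hosts" line from `show version` and compares it with the number of inside entries in `show arp`. The sample output is constructed, and using the ARP entry count as a rough proxy for the hosts the ASA counts against the license is an assumption.

```python
import re

# Constructed sample output (not from the thread); the layout follows the
# ASA 5505 "show version" license table and "show arp" listing.
SHOW_VERSION = """\
Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 3              DMZ Restricted
Inside Hosts                      : 10             perpetual
Failover                          : Disabled       perpetual
"""
SHOW_ARP = "\n".join(
    f"\tinside 192.168.1.{i} 0011.2233.44{i:02x} {i * 3}" for i in range(10, 24)
) + "\n\toutside 203.0.113.1 00aa.bbcc.ddee 12\n"


def inside_host_limit(show_version):
    """Return the licensed inside-host count, or None when it is Unlimited."""
    m = re.search(r"^Inside Hosts\s*:\s*(\S+)", show_version, re.M)
    if not m:
        raise ValueError("no 'Inside Hosts' line found")
    return None if m.group(1).lower() == "unlimited" else int(m.group(1))


def arp_hosts(show_arp, interface="inside"):
    """Return the set of IPs listed for one interface in 'show arp' output."""
    hosts = set()
    for line in show_arp.splitlines():
        parts = line.split()
        # Expected fields: interface, IP, MAC, age (age is "-" for static entries).
        if len(parts) >= 3 and parts[0] == interface:
            hosts.add(parts[1])
    return hosts


def check(show_version, show_arp):
    """Flag the case where inside ARP entries outnumber the licensed hosts."""
    limit = inside_host_limit(show_version)
    seen = len(arp_hosts(show_arp))
    # Assumption: more inside ARP entries than licensed hosts makes the
    # host limit a plausible cause of intermittent drops.
    return {"limit": limit, "inside_arp_entries": seen,
            "over_limit": limit is not None and seen > limit}


if __name__ == "__main__":
    print(check(SHOW_VERSION, SHOW_ARP))
```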