Re: Can't ping outside IP address and not Internet

blin · ‎05-24-2018

All out firewall and switch are Cisco ASA and switch 2960. One of computers keeps having this problem. Once for a while (in one or two days), the computer can't ping outside IP address like 4.2.2.2 and 8.8.8.8. The computer can ping inside network resources such as printers and servers. Renewing IP doesn't fix the problem. We must change it to the static IP adders to make it work. However, the problem comes back in a couple hours. We have replaced the computer and make sure the NIC driver is update. We even changed the switch port connecting to the computer. What could be the problem?

Hulk8647 · ‎05-24-2018

are you getting an IP address when connecting the PC to the LAN? Is it getting a correct IP? Where is your DHCP and did you check and verified it? Do you have access to the switches and DHCP?

blin · ‎05-24-2018

Yes, it gets correct IP address, default gateway and DNS. The DHCP is in DC. By the way, it is no thing to do with the DHCP. After we changed to static IP address, we have the same problem in a few hours. Then we change to different IP address, it works for a while. For example I may use static 10.0.240.1/16. When we have the problem, we change it to 10.0.240.2/16. It works for a couple hours.

smartns04 · ‎05-24-2018

Sounds like an arp problem. Can you check the ARP table on the ASA?. Is everything there as it should be? While it is not working try to clear the ARP table, i guess it will start working again for a while

blin · ‎05-24-2018

ARP could be the issue.

show arp

inside 10.0.240.12 d89e.f33a.557f 11

What's the command to clear ARP on this connation?

smartns04 · ‎05-24-2018

#clear arp "INTERFACE" "IP ADDRESS"

on your case #clear arp inside 10.0.240.12

Is the record you posted correct? Is this the correct mac and ip?

blin · ‎05-24-2018

Yeas, the IP address and Mac address matches. What does the 11 mean? Session number?

smartns04 · ‎05-24-2018

No seconds. Can you truck this mac address at the switch? Is it coming through the correct path? Do you have any wifi devices in the setup?

I suspect some kind of loop or IP misconfiguration

blin · ‎05-24-2018

show mac-address-table address d89e.f33a.557f
Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
1 d89e.f33a.557f static ip,ipx,assigned,other GigabitEthernet3/42

We don't have wifi in our LAN, We have public wifi on Comcast modem.

blin · ‎05-24-2018

It is more than one computer. It just happens to another computer. More information.

1. When the computer losses the connection to the Internet, it can't ping ASA as default gateway.

2. The computer can still access other network servers and printers.

3. From the ASA we can't ping the problematic computer.

4. Running clear arp inside ip_address doesn't fix the problem. I must change it to s static IP address.

Georg Pauwen · ‎05-24-2018

Hello,

on a side note, if it is only that one computer, even after replacing the box, I would keep looking at physical issues like cabling. Have you replaced the cable connecting the computer with the switchport as well ?

blin · ‎05-24-2018

We have switch to different port and cable. Next time I may change different cable connecting to the PC.

By the way, other computers have similar problem, but that may happen once per year. This computer keeps having this problem.