06-23-2009 07:50 PM - edited 03-06-2019 06:25 AM
I have a cisco ASA with a very basic setup.
LAN (10.8.0.x) --> ASA --> DMZ (192.168.2.x) --> internet
Intermittently I get no response from my email (and other) servers in the DMZ. However - from the internet the connection does not drop - I can continue to connect to mail ports on our servers.
I have put a PC on the DMZ and checked the connection on the servers and they are fine.
The LAN to DMZ access comes up shortly after (30 seconds or so) from the time it decides not to work, but there is seemingly no reason for the traffic not to flow.
There are no errors in the logs, traffic on the lan does go to the firewall but from there nothing appears to happen. Routes on the DMZ are simple enough so there's nothing being lost there as it's just the default back through the firewall, likewise - the ASA knows where to send traffic but appears to decide not to play nicely on a random basis - could be an hour, could be 20 minutes.... could be longer.
It works most of the time - so ACL's etc shouldn't be an issue.
I would appreciate any asssitance you might be able to provide to point me in the right direction for resolving this one.
06-25-2009 10:03 AM
I would check if the CPU load is high on the ASA while this happens. Also, check to see if there are any unresolved or resolved caveats on the release notes on the ASA IOS version you are running.
06-30-2009 08:47 PM
Thanks for the ideas. The CPU is doing nothing when it stops - it's actually idle 99.9% of the time as I'm the only one using services through it till I nut this out. I'm starting to think it might have more to do with the local switches (they're just a basic mix of layer 2 managed and others unmanaged switches) - it looks like if I ping the ASA every 10 seconds I (so far today) can access the proxy when previously it would have stopped working by now so it's as if either the local lan on the asa stops responding - OR - the switches have issues sending traffic to it.
I will go read up on the IOS version and spend some time on site and sort through switching or IOS issues.
Again - thanks for the ideas.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide