Ping break between ASA & Router (directly connected via ethernet

Zaid Farooqui · ‎08-16-2012

Hi,

we have the following setup for our network :

UserNetwork - ASA5550 - WAN Router 2911 - ISP Netowrk - Branch Routers 877s / 1941s

Since last week we started noticing this problem that the branch users started to complain of slow application response.. After verifying it with the ISP and middle network we noticed that if i ping from my machine (ie usernetwork) to the WAN Router interface (facing the ASA) , i get time outs.. which is strange cause this is directly connected to it via ethernet cable.

anyone has any idea why this is happning or what should i check first.

Regards

Zaid

hobbe · ‎08-16-2012

Hi

First establish where the drops are

Ping the inside interface of the ASA

Do you get the same results ?

Ping from the ASA to the WAN router and to the usernetwork

Do you get drops on either side ?

check the interfaces on both the WAN and the ASA and any switches on the way.

any errors or other problems ?

any tight sectors considering the network traffic, fx saturation or QoS ?

check the cabeling so that there are no loose cables.

exchange the cable inbetween the ASA and WAN.

Good luck

Hope This Helps

Zaid Farooqui · ‎08-16-2012

Hi hobbe,

1) Inside works fine because ive had ping from my desktop to the ASA's inside itnerface without any problem.

2) I get packet drop when i execute ping from the ASA to the WAN i get packet drops 97% success rate.

3) They are directly connected no switches in between.

4) WAN interface has only policy based routing no other QoS implements. The traffic is also the usual as ever so that shouldnt be a problem.

interface Vlan2 > mapped to FE 0/0/0

description To Firewall

ip address 172.16.200.2 255.255.255.248

ip nbar protocol-discovery

ip flow ingress

ip virtual-reassembly

ip policy route-map dr-traffic

5) I will be changing the cable in an hour or so cause its a production network and need to get approvals.

I need to clarify this first before i move on the link between WAN router and branches (if the slow application response problem remains)

thanks for the help, any specif commans that i could possibly run on the WAN router. right now i have loggin enabled and term mon on . the syslog server is also not getting anything ..

for the debug i have debug ethernet-interface on and debut inereface fe 0/0/0 & vlan 2 on but not getting anything.

cadet alain · ‎08-16-2012

Hi,

Are you doing NAT on the ASA? Have you got any ACL or firewall config on the WAN router ?

Regards.

Alain

Don't forget to rate helpful posts.

Zaid Farooqui · ‎08-16-2012

noops all routed mode.. cean simple configs.. and this started happning 2 days back.. nothing else was cha

nged..

flokki123 · ‎08-16-2012

do you always have these timeouts?

asking because i know on some devices the ping is not prioritized, meaning if the router is really busy with other stuff, e.g. routing, it just neglects some kind of traffic, e.g. ping requests.

what is the connection between the branch and the HQ? vpn?

what are the responses, if you ping from the branch the dest. server, or the router or asa?

Ping break between ASA & Router (directly connected via ethernet)