I have a site-to-site VPN set up between an ASA 5545 and a Meraki MX84. It has been a little unreliable to say the least. At any rate, today the tunnel went down and I tried resetting the peer connection from the ASA, something that has worked in the...
I'm prepping to put a 5545-X in to replace a 5505. The 5505 was running pre-8.3, and our new one is running 9.1. I have been trying to do the most basic thing I thought possible (statically NAT'ing an internal server) and have had zero success. Can s...
Hi. I am in the process of swapping out ASA 5505 for an ASA 5545-X. I have a few questions (sort've general in nature) about the best way to test and deploy. The current ASA sits off of an HP ProCurve 5406 which connects to our ISPs uplink. All traff...
Our ASA 5505 is running very slowly, and causing slow response times from the servers sitting behind it. I'm seeing cpu usage of ~80% for the most part, and show processes cpu-hog looks like this: Process: ssh_init, PROC_PC_TOTAL: 2, MAXHOG: 11,...
Related to my other question, can someone give a glance at this packet-tracer output and tell me if nat translation looks like it could be a problem for getting traffic from 10.100.0.0 across an l2l tunnel to 192.168.0.0? It says ALLOW, but it's not ...
I think I've gotten a better handle on this. I see that NAT-T is enabled on the ASA, and I believe on the Meraki as well. If I understand how this works, the devices figure out for themselves if the other end of their traffic is behind a NAT device a...
Thank you for your response. I came in this morning and checked the status of the tunnel again (using the ASDM this time) and found some very confusing output. (Note: I was also just told that someone power cycled the Meraki again this morning becaus...
I'm pasting my entire config in case the snippets above aren't enough info/are too disjointed.
ASA Version 9.2(2)4
!
hostname internap-5545
domain-name company.com
enable password ******* encrypted
passwd ******* encrypted
names
ip local pool Rem...
Thank you! You very much did! What you said jives with what I was reading here: http://www.packetu.com/2011/11/07/the-asas-arp-behavior/. In a nutshell, that even if you have proxy arp enabled, if you don't have a NAT statement of some kind correspon...
Hi, I see. No, I have 0 overruns. It appears I was making an erroneous assumption that if my cpu usage is high, it has to be some sort of hogging process. Instead maybe it's simply the ASA is getting more traffic than it can handle. I have not done ...