Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
0
Helpful
2
Replies

ASA 5515-X sessions freeze intermittently

Go to solution
LACNIC LACNIC
Level 1
Level 1

‎05-02-2017 01:16 PM

Hello everyone, here in the company we are setting up a new ASA 5515-X as a vpn server. All the clients can connect to  internal services but... the problem is that the sessions freeze intermittently, if I ping from a vpn client to one of the internal servers the result is:

====
host:~ user$ ping host.example.com
PING host.example.com (200.7.12.34): 56 data bytes
64 bytes from 200.7.12.34: icmp_seq=0 ttl=63 time=9.837 ms
64 bytes from 200.7.12.34: icmp_seq=1 ttl=63 time=7.233 ms
64 bytes from 200.7.12.34: icmp_seq=2 ttl=63 time=7.044 ms
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
64 bytes from 200.7.12.34: icmp_seq=8 ttl=63 time=7.349 ms
64 bytes from 200.7.12.34: icmp_seq=9 ttl=63 time=8.330 ms
64 bytes from 200.7.12.34: icmp_seq=10 ttl=63 time=7.480 ms
64 bytes from 200.7.12.34: icmp_seq=11 ttl=63 time=8.224 ms
64 bytes from 200.7.12.34: icmp_seq=12 ttl=63 time=6.683 ms
Request timeout for icmp_seq 13
Request timeout for icmp_seq 14
Request timeout for icmp_seq 15
Request timeout for icmp_seq 16
Request timeout for icmp_seq 17
64 bytes from 200.7.12.34: icmp_seq=18 ttl=63 time=7.453 ms
64 bytes from 200.7.12.34: icmp_seq=19 ttl=63 time=7.830 ms
64 bytes from 200.7.12.34: icmp_seq=20 ttl=63 time=101.754 ms
64 bytes from 200.7.12.34: icmp_seq=21 ttl=63 time=14.572 ms
64 bytes from 200.7.12.34: icmp_seq=22 ttl=63 time=7.730 ms
Request timeout for icmp_seq 23
Request timeout for icmp_seq 24
Request timeout for icmp_seq 25
Request timeout for icmp_seq 26
Request timeout for icmp_seq 27
64 bytes from 200.7.12.34: icmp_seq=28 ttl=63 time=9.106 ms
64 bytes from 200.7.12.34: icmp_seq=29 ttl=63 time=11.068 ms
64 bytes from 200.7.12.34: icmp_seq=30 ttl=63 time=9.210 ms
64 bytes from 200.7.12.34: icmp_seq=31 ttl=63 time=8.597 ms
64 bytes from 200.7.12.34: icmp_seq=32 ttl=63 time=12.371 ms
Request timeout for icmp_seq 33
Request timeout for icmp_seq 34
Request timeout for icmp_seq 35
Request timeout for icmp_seq 36
Request timeout for icmp_seq 37
64 bytes from 200.7.12.34: icmp_seq=38 ttl=63 time=6.410 ms
64 bytes from 200.7.12.34: icmp_seq=39 ttl=63 time=9.154 ms
64 bytes from 200.7.12.34: icmp_seq=40 ttl=63 time=6.664 ms
64 bytes from 200.7.12.34: icmp_seq=41 ttl=63 time=11.868 ms
64 bytes from 200.7.12.34: icmp_seq=42 ttl=63 time=7.768 ms
Request timeout for icmp_seq 43
Request timeout for icmp_seq 44
Request timeout for icmp_seq 45
Request timeout for icmp_seq 46
Request timeout for icmp_seq 47
64 bytes from 200.7.12.34: icmp_seq=48 ttl=63 time=8.263 ms
^C
--- host.example.com ping statistics ---
49 packets transmitted, 24 packets received, 51.0% packet loss
round-trip min/avg/max/stddev = 6.410/12.583/101.754/18.696 ms
====

Packet loss matches session freezes (ssh, web navigation, etc.) and the pattern "five pings ok five pings timeout" repeats over and over, where can I start looking for the problem?

Thank you!

Regards,
Juan.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎05-02-2017 03:45 PM

Looks for two routes where one is wrong (such as a default route).  Look for asymmetric routing.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎05-02-2017 03:45 PM

Looks for two routes where one is wrong (such as a default route).  Look for asymmetric routing.

0 Helpful

Go to solution
LACNIC LACNIC
Level 1
Level 1

‎05-17-2017 08:37 AM

Yes Philip, you are correct, there was an asymmetric routing problem between the routes established by the ASA and those that we received from our ISP. Thank you for your help.

Regards,

Juan.

0 Helpful
Customers Also Viewed These Support Documents