Try setting the outside interface to 100/full. If the uplink the ASA
is connected to is hardcoded to 100/full the ASA may be incorrectly
negotiating to 100/half
On Thu, 21 May 2009 17:51:07 GMT, "Dario" <> wrote:
>Hi,
>I have configured a new 5505 ASA with Security Plus licence.
>I have a poblem: after some hours outside interface stop responding and the
>VPN go down.
>In this state i can't ping my gateway. The inside interfae work well.
>With show interface I haven't any error.
>I've tried to fix speed to 100 Half on switch port and ASA port but the
>problem is the same.
>I have't this problem an any other ASA in my company's site.
>I've changed this devices with an equal devices and the problem is the same.
>I suppose that isn't a configuration problem because other ASA works well.
>There are some output when the ASA s in "locked" state:
>
>ASA# sh int e0/0
>Interface Ethernet0/0 "", is up, line protocol is up
> Hardware is 88E6095, BW 100 Mbps
> Half-Duplex(Half-duplex), 100 Mbps(100 Mbps)
> Available but not configured via nameif
> MAC address 0024.14ef.2a6a, MTU not set
> IP address unassigned
> 2176 packets input, 305804 bytes, 0 no buffer
> Received 90 broadcasts, 0 runts, 0 giants
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
> 0 L2 decode drops
> 5 switch ingress policy drops
> 1702 packets output, 224296 bytes, 0 underruns
> 0 output errors, 0 collisions, 0 interface resets
> 0 babbles, 0 late collisions, 0 deferred
> 0 lost carrier, 0 no carrier
> 0 rate limit drops
> 0 switch egress policy drops
>
>ASA# s int vlan2
>Interface Vlan2 "outside", is up, line protocol is up
> Hardware is EtherSVI
> Description: ToISP
> MAC address 0024.14ef.2a72, MTU 1500
> IP address xx.xx.xxx.xxx, subnet mask 255.255.255.240
> Traffic Statistics for "outside":
> 1802 packets input, 195826 bytes
> 1702 packets output, 193624 bytes
> 19 packets dropped
> 1 minute input rate 0 pkts/sec, 1 bytes/sec
> 1 minute output rate 0 pkts/sec, 15 bytes/sec
> 1 minute drop rate, 0 pkts/sec
> 5 minute input rate 0 pkts/sec, 1 bytes/sec
> 5 minute output rate 0 pkts/sec, 3 bytes/sec
> 5 minute drop rate, 0 pkts/sec
>
>ASA# sh ver
>
>Cisco Adaptive Security Appliance Software Version 7.2(4)
>Device Manager Version 5.2(4)
>
>ASA up 1 hour 20 mins
>
>Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
>Internal ATA Compact Flash, 128MB
>BIOS Flash M50FW080 @ 0xffe00000, 1024KB
>
>Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision
>0x0)
> Boot microcode : ?CNlite-MC-Boot-Cisco-1.2
> SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03
> IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.05
> 0: Int: Internal-Data0/0 : address is 0024.14ef.2a72, irq 11
> 1: Ext: Ethernet0/0 : address is 0024.14ef.2a6a, irq 255
> 2: Ext: Ethernet0/1 : address is 0024.14ef.2a6b, irq 255
> 3: Ext: Ethernet0/2 : address is 0024.14ef.2a6c, irq 255
> 4: Ext: Ethernet0/3 : address is 0024.14ef.2a6d, irq 255
> 5: Ext: Ethernet0/4 : address is 0024.14ef.2a6e, irq 255
> 6: Ext: Ethernet0/5 : address is 0024.14ef.2a6f, irq 255
> 7: Ext: Ethernet0/6 : address is 0024.14ef.2a70, irq 255
> 8: Ext: Ethernet0/7 : address is 0024.14ef.2a71, irq 255
> 9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
>10: Int: Not used : irq 255
>11: Int: Not used : irq 255
>
>Licensed features for this platform:
>Maximum Physical Interfaces : 8
>VLANs : 20, DMZ Unrestricted
>Inside Hosts : Unlimited
>Failover : Active/Standby
>VPN-DES : Enabled
>VPN-3DES-AES : Enabled
>VPN Peers : 25
>WebVPN Peers : 2
>Dual ISPs : Enabled
>VLAN Trunk Ports : 8
>
>This platform has an ASA 5505 Security Plus license.
>
>Thanks for any help
>
Similar Threads
