ASA 5505 Outside problem

Discussion in 'Cisco' started by Dario, May 21, 2009.

  1. Dario

    Dario Guest

    Hi,
    I have configured a new 5505 ASA with Security Plus licence.
    I have a poblem: after some hours outside interface stop responding and the
    VPN go down.
    In this state i can't ping my gateway. The inside interfae work well.
    With show interface I haven't any error.
    I've tried to fix speed to 100 Half on switch port and ASA port but the
    problem is the same.
    I have't this problem an any other ASA in my company's site.
    I've changed this devices with an equal devices and the problem is the same.
    I suppose that isn't a configuration problem because other ASA works well.
    There are some output when the ASA s in "locked" state:

    ASA# sh int e0/0
    Interface Ethernet0/0 "", is up, line protocol is up
    Hardware is 88E6095, BW 100 Mbps
    Half-Duplex(Half-duplex), 100 Mbps(100 Mbps)
    Available but not configured via nameif
    MAC address 0024.14ef.2a6a, MTU not set
    IP address unassigned
    2176 packets input, 305804 bytes, 0 no buffer
    Received 90 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 L2 decode drops
    5 switch ingress policy drops
    1702 packets output, 224296 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collisions, 0 deferred
    0 lost carrier, 0 no carrier
    0 rate limit drops
    0 switch egress policy drops

    ASA# s int vlan2
    Interface Vlan2 "outside", is up, line protocol is up
    Hardware is EtherSVI
    Description: ToISP
    MAC address 0024.14ef.2a72, MTU 1500
    IP address xx.xx.xxx.xxx, subnet mask 255.255.255.240
    Traffic Statistics for "outside":
    1802 packets input, 195826 bytes
    1702 packets output, 193624 bytes
    19 packets dropped
    1 minute input rate 0 pkts/sec, 1 bytes/sec
    1 minute output rate 0 pkts/sec, 15 bytes/sec
    1 minute drop rate, 0 pkts/sec
    5 minute input rate 0 pkts/sec, 1 bytes/sec
    5 minute output rate 0 pkts/sec, 3 bytes/sec
    5 minute drop rate, 0 pkts/sec

    ASA# sh ver

    Cisco Adaptive Security Appliance Software Version 7.2(4)
    Device Manager Version 5.2(4)

    ASA up 1 hour 20 mins

    Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW080 @ 0xffe00000, 1024KB

    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision
    0x0)
    Boot microcode : ?CNlite-MC-Boot-Cisco-1.2
    SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03
    IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.05
    0: Int: Internal-Data0/0 : address is 0024.14ef.2a72, irq 11
    1: Ext: Ethernet0/0 : address is 0024.14ef.2a6a, irq 255
    2: Ext: Ethernet0/1 : address is 0024.14ef.2a6b, irq 255
    3: Ext: Ethernet0/2 : address is 0024.14ef.2a6c, irq 255
    4: Ext: Ethernet0/3 : address is 0024.14ef.2a6d, irq 255
    5: Ext: Ethernet0/4 : address is 0024.14ef.2a6e, irq 255
    6: Ext: Ethernet0/5 : address is 0024.14ef.2a6f, irq 255
    7: Ext: Ethernet0/6 : address is 0024.14ef.2a70, irq 255
    8: Ext: Ethernet0/7 : address is 0024.14ef.2a71, irq 255
    9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
    10: Int: Not used : irq 255
    11: Int: Not used : irq 255

    Licensed features for this platform:
    Maximum Physical Interfaces : 8
    VLANs : 20, DMZ Unrestricted
    Inside Hosts : Unlimited
    Failover : Active/Standby
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    VPN Peers : 25
    WebVPN Peers : 2
    Dual ISPs : Enabled
    VLAN Trunk Ports : 8

    This platform has an ASA 5505 Security Plus license.

    Thanks for any help
    Dario, May 21, 2009
    #1
    1. Advertising

  2. Dario

    Chino Guest

    > In this state i can't ping my gateway. The inside interfae work well.
    > With show interface I haven't any error.
    > I've tried to fix speed to 100 Half on switch port and ASA port but the
    > problem is the same.
    > I have't this problem an any other ASA in my company's site.
    > I've changed this devices with an equal devices and the problem is the
    > same. I suppose that isn't a configuration problem because other ASA works
    > well.
    > There are some output when the ASA s in "locked" state:
    >


    Could it be a problem of the device connected to the ASA?
    Maybe it could be a switch with a blocked port or stuffs like that.
    Chino, May 25, 2009
    #2
    1. Advertising

  3. Dario

    TedZ Guest

    Try setting the outside interface to 100/full. If the uplink the ASA
    is connected to is hardcoded to 100/full the ASA may be incorrectly
    negotiating to 100/half


    On Thu, 21 May 2009 17:51:07 GMT, "Dario" <> wrote:

    >Hi,
    >I have configured a new 5505 ASA with Security Plus licence.
    >I have a poblem: after some hours outside interface stop responding and the
    >VPN go down.
    >In this state i can't ping my gateway. The inside interfae work well.
    >With show interface I haven't any error.
    >I've tried to fix speed to 100 Half on switch port and ASA port but the
    >problem is the same.
    >I have't this problem an any other ASA in my company's site.
    >I've changed this devices with an equal devices and the problem is the same.
    >I suppose that isn't a configuration problem because other ASA works well.
    >There are some output when the ASA s in "locked" state:
    >
    >ASA# sh int e0/0
    >Interface Ethernet0/0 "", is up, line protocol is up
    > Hardware is 88E6095, BW 100 Mbps
    > Half-Duplex(Half-duplex), 100 Mbps(100 Mbps)
    > Available but not configured via nameif
    > MAC address 0024.14ef.2a6a, MTU not set
    > IP address unassigned
    > 2176 packets input, 305804 bytes, 0 no buffer
    > Received 90 broadcasts, 0 runts, 0 giants
    > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    > 0 L2 decode drops
    > 5 switch ingress policy drops
    > 1702 packets output, 224296 bytes, 0 underruns
    > 0 output errors, 0 collisions, 0 interface resets
    > 0 babbles, 0 late collisions, 0 deferred
    > 0 lost carrier, 0 no carrier
    > 0 rate limit drops
    > 0 switch egress policy drops
    >
    >ASA# s int vlan2
    >Interface Vlan2 "outside", is up, line protocol is up
    > Hardware is EtherSVI
    > Description: ToISP
    > MAC address 0024.14ef.2a72, MTU 1500
    > IP address xx.xx.xxx.xxx, subnet mask 255.255.255.240
    > Traffic Statistics for "outside":
    > 1802 packets input, 195826 bytes
    > 1702 packets output, 193624 bytes
    > 19 packets dropped
    > 1 minute input rate 0 pkts/sec, 1 bytes/sec
    > 1 minute output rate 0 pkts/sec, 15 bytes/sec
    > 1 minute drop rate, 0 pkts/sec
    > 5 minute input rate 0 pkts/sec, 1 bytes/sec
    > 5 minute output rate 0 pkts/sec, 3 bytes/sec
    > 5 minute drop rate, 0 pkts/sec
    >
    >ASA# sh ver
    >
    >Cisco Adaptive Security Appliance Software Version 7.2(4)
    >Device Manager Version 5.2(4)
    >
    >ASA up 1 hour 20 mins
    >
    >Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
    >Internal ATA Compact Flash, 128MB
    >BIOS Flash M50FW080 @ 0xffe00000, 1024KB
    >
    >Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision
    >0x0)
    > Boot microcode : ?CNlite-MC-Boot-Cisco-1.2
    > SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03
    > IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.05
    > 0: Int: Internal-Data0/0 : address is 0024.14ef.2a72, irq 11
    > 1: Ext: Ethernet0/0 : address is 0024.14ef.2a6a, irq 255
    > 2: Ext: Ethernet0/1 : address is 0024.14ef.2a6b, irq 255
    > 3: Ext: Ethernet0/2 : address is 0024.14ef.2a6c, irq 255
    > 4: Ext: Ethernet0/3 : address is 0024.14ef.2a6d, irq 255
    > 5: Ext: Ethernet0/4 : address is 0024.14ef.2a6e, irq 255
    > 6: Ext: Ethernet0/5 : address is 0024.14ef.2a6f, irq 255
    > 7: Ext: Ethernet0/6 : address is 0024.14ef.2a70, irq 255
    > 8: Ext: Ethernet0/7 : address is 0024.14ef.2a71, irq 255
    > 9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
    >10: Int: Not used : irq 255
    >11: Int: Not used : irq 255
    >
    >Licensed features for this platform:
    >Maximum Physical Interfaces : 8
    >VLANs : 20, DMZ Unrestricted
    >Inside Hosts : Unlimited
    >Failover : Active/Standby
    >VPN-DES : Enabled
    >VPN-3DES-AES : Enabled
    >VPN Peers : 25
    >WebVPN Peers : 2
    >Dual ISPs : Enabled
    >VLAN Trunk Ports : 8
    >
    >This platform has an ASA 5505 Security Plus license.
    >
    >Thanks for any help
    >
    TedZ, May 29, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    3,317
  2. Jack
    Replies:
    0
    Views:
    647
  3. barret bonden
    Replies:
    3
    Views:
    2,877
    Walter Roberson
    Aug 18, 2008
  4. Dogg Child

    Re: ASA 5505 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    0
    Views:
    597
    Dogg Child
    Jun 7, 2010
  5. Dogg Child

    ASA 5550 behind ASA 5505

    Dogg Child, Jun 7, 2010, in forum: Cisco
    Replies:
    4
    Views:
    1,036
    Morph
    Jun 8, 2010
Loading...

Share This Page