ASA 5505 strange problem

ckuriyar74 · ‎05-29-2007

I have a strange problem with ASA5505.

Some times iam not able to ping the outside interface from Internet and the VPN tunnels goes down.

If i reboot the ASA box i will be able to ping the outside interface and the VPN tunnels comes up.

#sh ver

Cisco Adaptive Security Appliance Software Version 7.2(2)

Device Manager Version 5.2(1)

Compiled on Wed 22-Nov-06 14:16 by builders

System image file is "disk0:/asa722-k8.bin"

Config file at boot was "startup-config"

BAR-ASA5505-01 up 1 hour 24 mins

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash LHF00L47 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0 : address is 0019.0724.9ee3, irq 11

1: Ext: Ethernet0/0 : address is 0019.0724.9edb, irq 255

2: Ext: Ethernet0/1 : address is 0019.0724.9edc, irq 255

3: Ext: Ethernet0/2 : address is 0019.0724.9edd, irq 255

4: Ext: Ethernet0/3 : address is 0019.0724.9ede, irq 255

5: Ext: Ethernet0/4 : address is 0019.0724.9edf, irq 255

6: Ext: Ethernet0/5 : address is 0019.0724.9ee0, irq 255

7: Ext: Ethernet0/6 : address is 0019.0724.9ee1, irq 255

8: Ext: Ethernet0/7 : address is 0019.0724.9ee2, irq 255

9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255

10: Int: Not used : irq 255

11: Int: Not used : irq 255

Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs : 3, DMZ Restricted

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

VPN Peers : 10

WebVPN Peers : 2

Dual ISPs : Disabled

VLAN Trunk Ports : 0

This platform has a Base license.

Serial Number: xxxx

Running Activation Key: xxx

Configuration register is 0x1

Configuration has not been modified since last system restart.

Can somebody tell me what could be the reason?

I have attached the config file.

ckuriyar74 · ‎05-30-2007

Any body has any suggestions?

john.croson · ‎05-31-2007

I am seeing similar issues with my 5510. I have 2 lan-to-lan tunnels and multiple users connected via ipsec.

Twice today, I've had to issue the following to drop my lan-to-lan to get it re-established:

clear crypto ipsec sa peer

It's getting a little annoying, but it looks like I may have to update my ASA from 7.0(6) and the DM.

Now I have a question: To go from 7.0 to 7.2, do I have to go to 7.1 first?

TIA!

ckuriyar74 · ‎05-31-2007

No not required, you can directly upgrade from 7.0 to 7.2

HTH if it does.

Chandru

john.croson · ‎06-01-2007

What is HTH?

Daniel.M.Edwards · ‎06-06-2007

I have no clue what HTH stands for but if you didn't already figure out you can go directly from 7.0 to 7.2.

NOTE: You will want to look at interim releases for 7.2. I believe 7.2(19) is the latest one. There are several security related vulns that have been fixed since 7.2

eugeneg · ‎07-20-2007

Hi

You have probably solved the problem already, so I may be too late with this suggestion:

One of my customers had a similar issue which we were able to resolve by hard setting the ethernet interfaces to 100Mbps and half duplex. It seems the ASA does not always auto-negotiate correctly causing the links to become flakey.

Hope this helps (HTH).

raghavendra.pn · ‎07-30-2007

HI

When the problem occures have you tryied to ping from inside to outside, for outer interface which router is connected