local LAN problem

Jul 13th, 2007

I have recently installed an ASA 5510 with v.7.2.1 software. The flows and NAT traversing the box work fine, but there is a strange effect on the local LAN.

When the ASA is plugged into the local LAN switch - totally vanilla Linksys 48-port gigabit - hosts cannot reliably connect to a MS SQL database machine. The host can reliably be contacted through the firewall by a DMZ Web box. When the firewall is unplugged, everything works fine locally (but obviously not with the Web box).

I have placed in NAT exemptions for local traffic, inserted the "same-security-traffic permit intra-interface" command, all to no avail.

Also of note, this is manifest in pings as well. The machine will just drop off the LAN mysteriously. I even tried an alternate switch, a Cisco 3500 series configured totally vanilla - no difference.

Does anyone have a general idea what is going on here? I can post a config if necessary, but I was hoping this is a more general problem others have seen. Cheers.

lbrlove Fri, 07/13/2007 - 07:28

Good question, but no conflict. I have painstakingly confirmed all IP addresses, subnet masks, gateway entries, route tables, and even NIC diagnostics. This is a small network, and the four servers and firewall all have assigned addresses (192.168.10.x where 'x' will be in the thirties or forties). All user hosts are DHCP and start with 'x' > 128.

The only mechanism I could imagine causing this under the circumstances would be some host intervening by creating a conflict (i.e. promiscuous arp when it sees the initial arp resolution broadcast). Since it only happens when the ASA is plugged in, I assumed it must be the ASA doing it(?)

Any other explanation anyone can think of? I am no maven on these things.
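One way to test the ARP-conflict theory raised above, added here as an example and not part of the original thread: capture ARP on the LAN (for example with tcpdump) and flag any IP that more than one MAC answers for. The sample lines below are constructed in tcpdump's ARP output format; the 192.168.10.x addresses follow the thread, the MAC addresses are made up.

```python
import re
from collections import defaultdict

# Constructed sample ARP traffic (not a capture from the poster's network).
# Two different MACs answer for 192.168.10.35, which is the symptom an
# ARP/IP conflict would produce; 192.168.10.41 is answered consistently.
SAMPLE_ARP_LINES = """\
12:00:01.000 ARP, Request who-has 192.168.10.35 tell 192.168.10.140, length 46
12:00:01.001 ARP, Reply 192.168.10.35 is-at 00:1a:2b:3c:4d:35, length 46
12:00:01.002 ARP, Reply 192.168.10.35 is-at 00:aa:bb:cc:dd:ee, length 46
12:00:05.000 ARP, Request who-has 192.168.10.41 tell 192.168.10.140, length 46
12:00:05.001 ARP, Reply 192.168.10.41 is-at 00:1a:2b:3c:4d:41, length 46
12:00:09.000 ARP, Reply 192.168.10.35 is-at 00:aa:bb:cc:dd:ee, length 46
"""

# Matches the "Reply <ip> is-at <mac>" part of a tcpdump ARP line.
REPLY_RE = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(text):
    """Yield (ip, mac) for every ARP reply line; requests and other lines are skipped."""
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def find_ip_conflicts(text):
    """Return {ip: sorted MACs} for each IP that was claimed by more than one MAC.

    A single MAC per IP is normal; two or more means two devices (or one
    device proxy-answering for another) are competing for the same address,
    which makes the real host intermittently unreachable.
    """
    claims = defaultdict(set)
    for ip, mac in parse_arp_replies(text):
        claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


if __name__ == "__main__":
    for ip, macs in find_ip_conflicts(SAMPLE_ARP_LINES).items():
        print(f"{ip} is answered by {len(macs)} MACs: {', '.join(macs)}")
```

Run it against a real capture with the firewall plugged in and again with it unplugged; if a conflict only appears in the first case, the MAC that shows up is the device to look at.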
