PIX 515E to ASA 5505

Unanswered Question
Mar 11th, 2008

Recently upgraded from a PIX 515E to an ASA 5505 and now I lose internet connectivity every hour.

WAN interface reports no issues and the connection works fine if I unplug it from the 5505 and back into the PIX 515E without a reload.

Should I have upgraded to a ASA 5510 not a 5505?

There appears to be a config issue but I just can't find it.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
brettmilborrow Wed, 03/12/2008 - 01:21


Can you confirm how many users you have traversing the firewall?

Also, are those users using the internet alot?

Psuedo123 Wed, 03/12/2008 - 15:40

Approx 300 users through the firewall.

Though a "show tech" does confirm that I have unlimited inside hosts:

Message #36 : Maximum Physical Interfaces : 8

Message #37 : VLANs: 3, DMZ Restricted

Message #38 : Inside Hosts: Unlimited

It is a 10Mb/10Mb link and each user only has 40MB per day for internet bandwidth. The majority don't even get close.

I thought it may be something to do with the MDIX not being auto negotiate though I have set the interface back to auto speed and auto duplex to fix this.

Still have the same problem though.

Psuedo123 Wed, 03/12/2008 - 15:46

Bascially shows that everything is operating correctly.

All interfaces show as up, VLANs Up. I even replaced the unit with another ASA 5505 to rule out any hardware fault (unlikely).

Is not an ISP issue as it all works fine for the PIX 515E.

Dear Psuedo,

I was wondering if you found a solution for the problem you were facing on the ASA 5505 device?

I am facing the same problem and I shared my 'sh tech' output with a friend who was Cisco Certified. She said that the reason why this problem happens is because of the Flash memory is not able to handle a sudden flood of packets which makes the device hang.

The solution for this she suggested is increasing the flash memory or updating the software which i am not able to do. I can't raise a TAC number as well with Cisco.

Have you found any alternative solutions to this?




This Discussion