ASA5510 stopped passing traffic

Sep 4th, 2008
Hi. I just had a rather strange problem with an ASA5510. One moment it was working fine and the next moment it stopped passing traffic from the inside interface to any other interface. The funny thing is I could connect to the ASA over VPN, but access to anything behind the inside interface was a no go. Also, after connecting to the equipment on the inside network via alternate means, everything was also fine. The strangest thing is that interfaces on the ASA and on the equipment connected to it were all up, routing was up, but traffic to the inside network was not going to happen. We finally reloaded the primary ASA to see if the failover ASA would take over and everything went back to normal. The logs show nothing and according to them everything was OK.

Did anyone else have this very strange problem?

ASA image file version is 7.0(6)

sadbulali Wed, 09/10/2008 - 13:28

The failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a Stateful Failover link. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs. The security appliance supports two failover configurations, Active/Active failover and Active/Standby failover. Each failover configuration has its own method for determining and performing failover. With Active/Active failover, both units can pass network traffic. This also lets you configure traffic sharing on your network.

robertson.michael Thu, 09/11/2008 - 13:06

Hi Igor,

One possibility is that an incorrect translation was built and got stuck in the xlate table. I have seen this cause traffic outages many times. You can use the output of 'show xlate debug' to confirm this, but only if the problem is actively happening.

ARP issues are another possibility, but again there is no way to confirm this after the ASA has been reloaded.


