cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1672
Views
0
Helpful
13
Replies

ASA with Internet down

agustinillanes
Level 1
Level 1

Hello:

I have an ASA 5520, with few users (50), sometimes the Internet goes down.

First I thought that was an ISP problem.

But if I restart the ASA, the internet goes up.

I don't really want to restart each time my ASA, but it looks like there is no another solution.

Can you help??

The ASA is acting as a DHCP server.

Where do I have to check if the ASA is the problem??

13 Replies 13

pete.gill
Level 1
Level 1

What version are you running on the ASA?

ASA Version 7,2(3)

Firewall Mode: Routed

Context Mode: Single

There is also installed this module:

Cisco ASA SSM-20

When you lose connectivity, can you still connect to the ASA? If so, can you ping your default gateway while it is down?

I am not really sure.

I will try this the next time it happens.

The router has 2 months, and in the last week, 3 times we have this problem.

I will enter a message as soon as I can.

I access via ASDM, I there seems no problem. Anyway, is there another test do I have to do?.

suschoud
Cisco Employee
Cisco Employee

First of all,you need to make sure that the licensing on asa is correct.It should have a license to allow more then 50 users to access internet.( are u sure there are less then 50 ppl )....

does the internet goes down for everyone or for few ppl.

do u have a static ip or dhcp from isp.

There is a known issue of asa not negotiating ip address after the dhcp lease expires.

if you have a dhcp ip address from isp,try upgrading to 7.2.4 and see if that makes a difference.

####

Regards,

Sushil

Sure that I have less than 50 users.

I have a static IP from the ISP.

When the internet goes down, it does for everyone.

Now, I am monitoring the ASA with only 3 users, lets see what happens.

Hi to everybody again.

I install the ASA with only 2 usuers, all seems to be right, but today after 2 weeks the internet goes down.

I check the ISP and there was no problem.

I can PING my gateway. Also I access the ASA via ADSM and I didn't see anything suspicius.

I have to reset the ASA, and the internet came up again.

clues??

Is your ASA configured to use a syslog server? My PIX 515e (before I replaced it with my ASA) would close all ports, disconnecting Internet, when the syslog server went down. Restarting the PIX would bring it back up. Perhaps the ASA does the same thing - it's a security default behavior.

-- Bill

No it is not.

I check the logs output and something suspicius is that I found many Log ID 302013 and 302014, and finally the LOG ID 321001 (buffer)

Some relation???

Can you post the messages from the log?

I have a couple of questions:

Is your ASA connected to an ISP's router?

What type of line do you have coming into your building?

If it's DSL, is it a pppoe account?

Do you have a tunnel connected from you to somewhere else that you actually get your internet from?

Can you post a config?

Thanks,

--John

HTH, John *** Please rate all useful posts ***

Hi.

I have this escenario.

Internet->ASA5520->ASA5510->LAN

The ASA 5520 is directly connected to the Internet, via ADSL. It is not a pppoe account.

I dont have any tunnel.

I tried only with Internet->ASA5520->LAN, and I had the same error. Actually is working with the 2 ASA, and they are working fine, but whenever it stops working and I have to reset both.

All the configuration was made by ADSM.

Here is the configuration of ASA5520 and 5510

Hi

Since ASA5520 is a unlimited users edition - it can not be a licensencing problem.

I do think this problem is related to the IPS Module, the IPS is known to lock up when using older versions. Please upgrade software in you IPS.

Also check the Interrim releases of the 7.2.3 This might be a bug that locks up your ASA.

Before upgrading your IPS - a simple reconfig to disable it, when problem is there, will solve your internet throughput lockup.

Best Regards

Ove CCIE#21940

Hi

issue the command "show shun" from CLI, and if you got any output, check it against your LAN addresses and your outside IP addresses.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: