Logs ASA

Unanswered Question

Hi,


Please find attached the log I am getting on my ASA.


What is the best practice to resolve these logs.In attached the file 122.160.x.y is the Public IP(ip on outside interface) on which my inside network is natted.


My network chokes/goes down frequently and it comes back only if I restart the router.I tried one by one on ISP modem,ASA,switch but it comes back only if I restart the router.

The topology is like..

Router-->ASA-->Switch(Different vlans).


Even I changed the router still the problem persists.It only comes back only if we reboot the router.There is no speciifc timing for the network chocking up/going down.It goes down intermittently at least 10 times in a day or so from the day the network was configured?



I noticed the interface connecting router to firewall(i.e inside interface of router and ouside of ASA) not able to ping each other at all...though they are administratley up.Sometime these interfaces pings but success rate comes 20% and sometimes it is 0%.

Please let me know the workaround for the same.Is it due to some threat or something else.


Thanks in advance..


Reg,

Sushil Kumar




Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Mo'ath Al Rawashdeh Wed, 02/18/2009 - 00:30
User Badges:
  • Bronze, 100 points or more

One of the interfaces might be operating in half duplex. Can you check the duplex mode on the router and ASA interfaces and confirm its full duplex for all?

Hi,

I checked the speed..It is configured for auto duplex on all interfaces of router and ASA.It is automatically picking up full duplex using auto duplex..


I tried changing the speed to full duplex manually and speed 100.It worked good for all the interfaces of ASA.Once I changed the dupexing manually as full duplex on router internet timed out.It was perfect till the time I changed it in the order all interfaces on ASA then int connecting router and firewall..Once I changed the outside connection of the router which connects to ISP,internet went down.Forcefully rebooting the router allowed the pinging of interface connecting the isp..but not the inside interface of router and asa.


Once changing the duplexing back to auto on outside int of asa it worked...


Is this on and off internet going down is due to duplex mismatch??


Let me share one more fact that once we termintated the connection on our router there was speed mistmatch between our router and the isp modem in our premise.Our router was picking the speed as half and was showing the duplex mismatch error.Even manually it was not allowing to force the connection as full.The isp had configured his modem on full duplex..Once isp chnaged this to auto on his modem our router picked up automatically as full on its interface.


I am using ethernet connectivity from my isp to my router..Is that ok or not?

How can i can check if there is any problem from modem of ISP.


In my case My internet comes back by restarting the router every time..


Plz guide.

Reg,

Sushil




vigleik Thu, 04/02/2009 - 00:47
User Badges:

We had a very similar issue, the communication between the ASA and the Zyxel equipment from my ISP stopped. shutdown and no shut on the asa interface did not work. Reboot of the ASA made the communication work again, for some hours. I tried two different ASA 5505, and I tried version 7.2 and 8.0(3)

Same result.

It seems that setting the asa to 100full and using a cross-over cable solved the problem. However, we have not confirmed that the problem returns if we change to auto again.

You may also try putting a switch between the ASA and router.


Actions

This Discussion