Logs ASA

sushil · ‎02-17-2009

Hi,

Please find attached the log I am getting on my ASA.

What is the best practice to resolve these logs.In attached the file 122.160.x.y is the Public IP(ip on outside interface) on which my inside network is natted.

My network chokes/goes down frequently and it comes back only if I restart the router.I tried one by one on ISP modem,ASA,switch but it comes back only if I restart the router.

The topology is like..

Router-->ASA-->Switch(Different vlans).

Even I changed the router still the problem persists.It only comes back only if we reboot the router.There is no speciifc timing for the network chocking up/going down.It goes down intermittently at least 10 times in a day or so from the day the network was configured?

I noticed the interface connecting router to firewall(i.e inside interface of router and ouside of ASA) not able to ping each other at all...though they are administratley up.Sometime these interfaces pings but success rate comes 20% and sometimes it is 0%.

Please let me know the workaround for the same.Is it due to some threat or something else.

Thanks in advance..

Reg,

Sushil Kumar

Mo'ath Al Rawashdeh · ‎02-18-2009

One of the interfaces might be operating in half duplex. Can you check the duplex mode on the router and ASA interfaces and confirm its full duplex for all?

sushil · ‎02-18-2009

Hi,

I checked the speed..It is configured for auto duplex on all interfaces of router and ASA.It is automatically picking up full duplex using auto duplex..

I tried changing the speed to full duplex manually and speed 100.It worked good for all the interfaces of ASA.Once I changed the dupexing manually as full duplex on router internet timed out.It was perfect till the time I changed it in the order all interfaces on ASA then int connecting router and firewall..Once I changed the outside connection of the router which connects to ISP,internet went down.Forcefully rebooting the router allowed the pinging of interface connecting the isp..but not the inside interface of router and asa.

Once changing the duplexing back to auto on outside int of asa it worked...

Is this on and off internet going down is due to duplex mismatch??

Let me share one more fact that once we termintated the connection on our router there was speed mistmatch between our router and the isp modem in our premise.Our router was picking the speed as half and was showing the duplex mismatch error.Even manually it was not allowing to force the connection as full.The isp had configured his modem on full duplex..Once isp chnaged this to auto on his modem our router picked up automatically as full on its interface.

I am using ethernet connectivity from my isp to my router..Is that ok or not?

How can i can check if there is any problem from modem of ISP.

In my case My internet comes back by restarting the router every time..

Plz guide.

Reg,

Sushil

sushil · ‎02-18-2009

Any update on the this??

Why only restarting the router works for me.Is it due to duplexing issue???

What should do I need to check?Router or ASA?

Reg,

Sushil

vigleik · ‎04-02-2009

We had a very similar issue, the communication between the ASA and the Zyxel equipment from my ISP stopped. shutdown and no shut on the asa interface did not work. Reboot of the ASA made the communication work again, for some hours. I tried two different ASA 5505, and I tried version 7.2 and 8.0(3)

Same result.

It seems that setting the asa to 100full and using a cross-over cable solved the problem. However, we have not confirmed that the problem returns if we change to auto again.

You may also try putting a switch between the ASA and router.