ASA 5505 stops working

Unanswered Question
Dec 29th, 2009

I have a problem with one of the firewalls of my company.

- Almost every day the firewall stops working and I need to restart it because I lose remote access;
- This is an ASA 5505 with 7.2.4 firmware;
- There is a default configuration that I use on all firewalls of my company, including others with the same model, firmware and type of traffic, but only this firewall presents this issue;
- We changed the firewall for another with the same model and 8.2.1 firmware;
- We changed the power supply and power cable;
- The temperature and energy meters are ok;
- When the problem occurs, no logs are sent to Syslog Server;
- Using the console interface, we checked the interface status (protocol up) and statistics (no errors, but no traffic, too), logging (no logs), routing table (right and complete), arp table (complete and I believe that is right), cpu (less than 10%) and memory (less than 50%).
- We changed the 5505 for a 5510 with ASA 8.2.1;
- This firewall has three interfaces (inside, dmz and outside):
   - Yesterday, we had a problem and we did the following procedures:
     - We disconnected the cable from the inside interface, the problem persisted;
     - We reconnected the cable to the inside interface;
     - We disconnected the cable from the outside interface, the problem persisted;
     - We reconnected the cable to the inside interface;
     - We disconnected the cable from the dmz interface, the firewall returned to work;
     - We reconnected the cable to the dmz interface, it continues working
     - We changed the switch connected to dmz interface;
   - Today, we had a new problem, but this time, the problem was resolved when we disconnected and reconnected the cable from the outside interface.

Kureli Sankar Tue, 12/29/2009 - 18:45

Hmm interesting...

Pls. see if you show anything strange in the following output.

1. sh console-output

2. sh crash

You losing remote access means what? You cannot ssh to the firewall or you are unable to connect to the ASA via VPN client?

It is very strange that you would see the same problem with two diff. pieces of hardware and diff. codes.

Something around the firewall might be malfunctioning for the firewall may just react.

When it happens the next time you can connect via console and see what the logs show.

Collect captures on all the interfaces and see what traffic arrives.

cap capin int inside

cap capout int outside

cap capdmz int dmz

you can issue

sh cap capin

sh cap capout

sh cap capdmz

and see what that shows you.  Collect the session log to a text file and upload them if you have trouble reading them.

-KS

marcus-barros Wed, 12/30/2009 - 04:22

Thanks Kusankar.

Attached the file with the output of the following commands:

show console-output

show crash

To my eyes, any problem is happening about these issues, but I don't know these parameters very well.

About your questions, all firewall interfaces stop working, so I cannot connect via ssh or VPN because these virtual interfaces use other physical interfaces and they are not working.

I think capturing on the interfaces when the problem happens is a good idea. When I have the opportunity to collect this data, I will do it and send it to you.

Kureli Sankar Wed, 12/30/2009 - 05:35

Output looks normal. No crash either.

I am sure the firewall doesn't completely lock up. So, captures are the way to go.

While connected to console pls. check the logs. You should enable logging console or logging buffer.

logging buffered 7

-KS
