ASA5505 with AT&T DSL

Unanswered Question
Mar 25th, 2010

Hello,


I have a remote ASA 5505 that is connected to Bellsouth DSL service that randomly drops out.  The DSL itself seems to be rather unstable and I'm not sure if the problem is related to the line or my configuration.  The 5505 is configured to connect to the headend 5510 at HQ via EZVPN.


The current setup is as follows:


PC/Cisco 7941 Phone --> ASA 5505 --> Netopia 3347 (bridge mode) --> internet --> ASA5510 (corporate network)


What I'm experiencing is randomly throughout the day the ASA stops responding for 7 or 8 seconds in sequence.  I can see this when performing a continuous ping to the static ip address that is pulled by the FW.  Outside of the random 7 to 8 second packet drop period, the connection works and the phone and PC are directly accessible (via NEM mode).  The VPN tunnel does not drop during the time the connection goes out.  Even when the user is on a phone call, it just loses communication for the 7 second duration and then picks right back up.  This occurs randomly throughout the day even when I've disabled the port the phone is plugged into and the user's laptop is not in use.


The only information that seems to show up in logging is an error for each of the split tunnel networks


Any idea what might cause this to happen on the FW?  Is there anything I could look into doing to see what might be happening between the ASA and the Netopia router?  Could this still be something going on with the VPN tunnel?  AT&T has informed me numerous times that everything is fine on their side.


Supporting Info:


drop out:

Reply from xxx.xxx.xxx.xxx: bytes=32 time=97ms TTL=255
Reply from xxx.xxx.xxx.xxx: bytes=32 time=92ms TTL=255
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from xxx.xxx.xxx.xxx: bytes=32 time=91ms TTL=255
Reply from xxx.xxx.xxx.xxx: bytes=32 time=91ms TTL=255



Logging Messages:


These errors come up during rekey or when the tunnel is made.  This does not occur each time the connection drops out though.  It doesn't seem to effect the funcationality when things are working.  There is 1 "rejected" error for each of the split tunnel networks defined on the headend.


%ASA-3-713119: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, PHASE 1 COMPLETED
Mar 24 2010 11:09:45: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 11:09:45: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 11:09:48: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 17:57:47: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 17:57:47: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 17:57:50: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy


The only other logging errors that look significant are as follows. This happens when the DSL line itself seems to go out.  This does not show up when the drop out occurs either!


Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:
Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:Peer not responding
Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:
Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:LCP down

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
trippi Fri, 04/02/2010 - 11:17

Try running a continuous ping to the DSL modem and also to the DSL's modem's gateway.

See which one of those drops.

We have had numerous problems with AT&T DSL.....I always ask to talk to Tier 2 support right off the bat...

Actions

This Discussion