05-17-2010 08:43 PM - edited 03-11-2019 10:46 AM
Have ASA5510 and the first thing I'd like to do is to open tracert, so please help with the entry.
Also our connection is not stable and sometimes the connection goes down or some sites don't open up. As you go through the configs you can see it's hard-coded with 1000/full and the 1841 router that's attached to this is 10/100. Can this be the reason the connection is not stable, and can we also remove the hard-coded 1000/full and set it to auto-negotiate?
05-17-2010 09:02 PM
You would also need to add the following:
access-list 100 permit icmp any any
icmp unreachable rate-limit 50 burst-size 6
class-map decrement-ttl-class
 match any
policy-map global_policy
 class inspection_default
  inspect icmp error
 class decrement-ttl-class
  set connection decrement-ttl
Hope that helps.
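An added example, not part of the original thread or the poster's configuration: the same traceroute enablement with the ICMP entries narrowed to the reply types a trace started from inside depends on, in place of `permit icmp any any`. It assumes access-list 100 is applied inbound on the outside interface, which the thread does not show.

```cisco
! Added example (not from the thread). Assumption: access-list 100 is the
! inbound ACL on the outside interface; the access-group line is not shown
! anywhere in the thread.
!
! As posted, this admits every ICMP type from any source to any destination:
!   access-list 100 permit icmp any any
!
! Narrowed entries. Add these first, then remove the broad entry.
! time-exceeded: sent by each intermediate hop when the probe's TTL expires
access-list 100 extended permit icmp any any time-exceeded
! unreachable: final reply to UDP-based traceroute, also used by path MTU discovery
access-list 100 extended permit icmp any any unreachable
! echo-reply: final reply to Windows tracert and ping; only needed in the ACL
! when "inspect icmp" is not enabled under inspection_default
access-list 100 extended permit icmp any any echo-reply
no access-list 100 extended permit icmp any any
!
! Unchanged from the thread: raise the limit on unreachables the ASA itself
! generates, and decrement TTL so the ASA shows up as a hop in the trace.
icmp unreachable rate-limit 50 burst-size 6
class-map decrement-ttl-class
 match any
policy-map global_policy
 class inspection_default
  inspect icmp error
 class decrement-ttl-class
  set connection decrement-ttl
!
! Check: hit counts should rise on the narrowed entries while a trace runs,
! and the service policy should list the decrement-ttl class.
show access-list 100
show service-policy
```

With the broad entry removed, unsolicited echo requests arriving on the outside interface no longer match a permit in this ACL, while replies to traces and pings started from inside still do.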
05-17-2010 09:10 PM
Thank you very much, halijenn.
Can you also give me any advice on our connection issue:
"Also our connection is not stable and sometimes the connection goes down or some sites don't open up. As you go through the configs you can see it's hard-coded with 1000/full and the 1841 router that's attached to this is 10/100. Can this be the reason the connection is not stable, and can we also remove the hard-coded 1000/full and set it to auto-negotiate?"
05-17-2010 09:12 PM
Yes, I would suggest that you change it to auto-negotiate on both ends, i.e. the ASA interface as well as the switch/router interface connected to it.
05-17-2010 09:18 PM
Halijenn, that's where I am weak. Can you please give me the entries for how to do that? I don't want to make any mistakes. Thank you again, you have helped me a lot.
05-17-2010 09:22 PM
Is it connected to the router directly, or through a switchport?
Here is the configuration on the ASA:
interface Ethernet0/1
 speed auto
 duplex auto
Please also make sure that you configure the same on the switch port or router port which is connected to the ASA eth0/1 interface.
05-18-2010 06:41 PM
With your help I am able to tracert and able to fix the 1000/full.
One issue: since I made the changes, especially with tracert, suddenly my Blackberry stopped syncing with our server. I can't send or receive email. Does that have anything to do with these changes?
"access-list 100 permit icmp any any
icmp unreachable rate-limit 50 burst-size 6
class-map decrement-ttl-class
 match any
policy-map global_policy
 class inspection_default
  inspect icmp error
 class decrement-ttl-class
  set connection decrement-ttl"
05-18-2010 06:56 PM
Great to hear both issues are resolved. Please kindly mark question answered and rate.
I don't believe the tracert changes impacted the Blackberry communication.
You can try removing the following and see if that resolves the Blackberry communication:
policy-map global_policy
 no class decrement-ttl-class
If that doesn't fix the Blackberry comm, you can place the configuration back in:
policy-map global_policy
 class decrement-ttl-class
  set connection decrement-ttl
Hope that helps.
05-18-2010 07:30 PM
Thanks, will do that. Sorry to keep bothering you, one more question: on tracert the second hop in the middle, it's lap (I think)... can you advise?
Tracing route to google.com [66.249.91.104]
over a maximum of 30 hops:
1 <1 ms 1 ms <1 ms ..dell switch ip
2 <1 ms * <1 ms xx.xxx.xxx. ...is this an issue. (this ip comes in on asa5510 config on first ethernet 0/0 ..wire is connected with asa5510 and cisco 1841)
3 2 ms 2 ms 2 ms gi0-3.na31.b002958-0.jfk01.atlas.cogentco.com [xx.xxx.xxx.xx)
4 <1 ms <1 ms <1 ms gi1-46.3929.mpd01.jfk01.atlas.cogentco.com [xx.xx.xx.253]
5 1 ms <1 ms <1 ms te0-3-0-7.mpd22.jfk02.atlas.cogentco.com [154.54.1.209]
6 1 ms 1 ms 1 ms te4-7.mpd01.jfk05.atlas.cogentco.com [154.54.6.50]
7 1 ms 1 ms 1 ms te1-1.ccr02.jfk05.atlas.cogentco.com [154.54.3.161]
8 1 ms 1 ms 1 ms core1-0-0-8.lga.net.google.com [198.32.118.39]
9 1 ms 1 ms 1 ms 209.85.248.180
10 1 ms 1 ms 1 ms 209.85.241.148
11 1 ms 1 ms 1 ms lga15s02-in-f104.1e100.net [66.249.91.104]
05-19-2010 12:01 AM
Sorry, can you please clarify your question on the ASA hop? I don't quite understand what you are trying to ask.
05-19-2010 07:18 AM
As you can see on the tracert, the first hop is fine (that is our Dell switch). The second hop, which connects with our firewall (ASA5510), has * in the middle rather than a number. I am asking: is there packet drop or connection drop when the connection goes through our firewall?
The second hop is like this: 2 <1 ms * <1 ms xx.xxx.xxx.(firewall ip)
05-19-2010 07:06 PM
Sorry to keep bothering you... one more question. Since I made the change for tracert and 1000/full, Outlook outgoing messages started getting stuck in the queue (on the server). Is this somehow related to this entry?
I removed the 1000/full on Ethernet 0/1 and made it auto. This line connects the firewall to our Dell switch. Any suggestions?
05-19-2010 10:51 PM
Don't think the mail issue is related, unless that particular interface that you changed to auto-negotiate didn't negotiate to the right speed and duplex.
You can hard code it to the same speed on both the ASA interface and the Dell switch interface. Just make sure that they are exactly the same. Prior to the change, your switch was on 10/100 while the ASA was on 100/1000 and you had manually hard coded it to 1000, hence it was not matching.