I have a Cisco 5505, and I am having problem pinging the gateway on the outside. If was working fine when i just installed it and then stopped after a few hours.
I can see large number of 1334 switch ingress policy drops now.
The outside interface is connected to a Cisco Catalyst 2960G, with a vlan created between the gateway and the asa outside interface.
Gio/1 -vlan34 ---> service provider
gi0/2 -vlan 34 ---> asa 5505 outside e0/0 interface.
Gi0/3 -vlan 34 --> router
gi0/4 - vlan 34 --> PIX
The pix and router can ping the sp gateway with no problem.
Here is the interface configuration on the asa 5505
ip address 10.102.246.71 255.255.255.240
ip address xxxxxx 255.255.255.248
switchport access vlan 2
FW# sh int e0/0
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 0025.45fd.e466, MTU not set
IP address unassigned
1910 packets input, 141491 bytes, 0 no buffer
Received 56 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
1334 switch ingress policy drops
4 packets output, 256 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
I have checked there is no port security on the switch or the port is err-disabled on the switch.
Both ports on switch and asa are auto sensing and there is no problem of mismatch since there are no CRC.
can you change the VLAN 2 on the asa to Vlan 34 as i can see the port on the switch is configured as VLAN 34. also , hardcode the speed and duplex on both of the devices ( switch & asa - full/100mbps).