Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5505 strange problem

I have a strange problem with ASA5505.

Some times iam not able to ping the outside interface from Internet and the VPN tunnels goes down.

If i reboot the ASA box i will be able to ping the outside interface and the VPN tunnels comes up.

#sh ver

Cisco Adaptive Security Appliance Software Version 7.2(2)

Device Manager Version 5.2(1)

Compiled on Wed 22-Nov-06 14:16 by builders

System image file is "disk0:/asa722-k8.bin"

Config file at boot was "startup-config"

BAR-ASA5505-01 up 1 hour 24 mins

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash LHF00L47 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Int: Internal-Data0/0 : address is 0019.0724.9ee3, irq 11

1: Ext: Ethernet0/0 : address is 0019.0724.9edb, irq 255

2: Ext: Ethernet0/1 : address is 0019.0724.9edc, irq 255

3: Ext: Ethernet0/2 : address is 0019.0724.9edd, irq 255

4: Ext: Ethernet0/3 : address is 0019.0724.9ede, irq 255

5: Ext: Ethernet0/4 : address is 0019.0724.9edf, irq 255

6: Ext: Ethernet0/5 : address is 0019.0724.9ee0, irq 255

7: Ext: Ethernet0/6 : address is 0019.0724.9ee1, irq 255

8: Ext: Ethernet0/7 : address is 0019.0724.9ee2, irq 255

9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255

10: Int: Not used : irq 255

11: Int: Not used : irq 255

Licensed features for this platform:

Maximum Physical Interfaces : 8

VLANs : 3, DMZ Restricted

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

VPN Peers : 10

WebVPN Peers : 2

Dual ISPs : Disabled

VLAN Trunk Ports : 0

This platform has a Base license.

Serial Number: xxxx

Running Activation Key: xxx

Configuration register is 0x1

Configuration has not been modified since last system restart.

Can somebody tell me what could be the reason?

I have attached the config file.

New Member

Re: ASA 5505 strange problem

Any body has any suggestions?

New Member

Re: ASA 5505 strange problem

I am seeing similar issues with my 5510. I have 2 lan-to-lan tunnels and multiple users connected via ipsec.

Twice today, I've had to issue the following to drop my lan-to-lan to get it re-established:

clear crypto ipsec sa peer

It's getting a little annoying, but it looks like I may have to update my ASA from 7.0(6) and the DM.

Now I have a question: To go from 7.0 to 7.2, do I have to go to 7.1 first?


New Member

Re: ASA 5505 strange problem

No not required, you can directly upgrade from 7.0 to 7.2

HTH if it does.


New Member

Re: ASA 5505 strange problem

What is HTH?

New Member

Re: ASA 5505 strange problem

I have no clue what HTH stands for but if you didn't already figure out you can go directly from 7.0 to 7.2.

NOTE: You will want to look at interim releases for 7.2. I believe 7.2(19) is the latest one. There are several security related vulns that have been fixed since 7.2

New Member

Re: ASA 5505 strange problem


You have probably solved the problem already, so I may be too late with this suggestion:

One of my customers had a similar issue which we were able to resolve by hard setting the ethernet interfaces to 100Mbps and half duplex. It seems the ASA does not always auto-negotiate correctly causing the links to become flakey.

Hope this helps (HTH).

New Member

Re: ASA 5505 strange problem


When the problem occures have you tryied to ping from inside to outside, for outer interface which router is connected