Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 5505 + upgrade to 9.1(3)

Hi,

I've tried the upgrade from 9.1(2) to 9.1(3) and I experienced some problems and had to rollback to 9.1(2).

When I was downloading some stuff on a FTP server hosted on Internet, the transfer stopped suddenly and I never been able to connect to another FTP server (even if it was another one). The Internet navigation was still working at this time.

I configure my ASDM to verbose a little bit more and saw some errors related to NAT or routing like this one :

     - Routing failed to locate next hop for udp from NP Identity Ifc:192.168.x.x/448 to inside:76.x.x.x/54146

That error seems to describe a problem to find a route from 192.168 (internal network) in destination to an internet subnet passing by the "inside" interface ?? 76.x.x.x is the subnet of my FTP server hosted on Internet. I really don't understand why my ASA is not using the default gateway that was in the routing table (the setroute parameter on my outside interface was there). It's pretty normal to not being able to reach that subnet on my internal network..

I tried to delete all my dynamic PAT rules and create them from scratch. My FTP server (and all the other ones) were reachable again. It lasted 10 minutes and the same problem came back again.

This time, no errors about routing problems but there was a lot of "logs" showing that all my computers were doing requests to the Internet and the ASA was doing his job to NAT the requests to the Internet but nothing was working, even the Internet navigation was not working. I gave up and go back to 9.1(2).

I'm not confident at all with this update. I have a pretty basic setup and it's not working so i could not imagine putting that update on a production ASA.

Am I alone having those kind of problems ?

Thanks !

226
Views
0
Helpful
0
Replies
CreatePlease to create content