I'm getting a problem with our ASA 5510 locking up and the connection basically dropping when a large amount of traffic is passed through it.
The setup is very simple: my ISP has provided an 1841 router and that is connected directly to my ASA.
What seems to be happening is that when a large amount of traffic (backups) is being passed through, the number of CRC errors my ISP sees starts increasing rapidly and then eventually traffic just stops flowing. A reboot of the firewall will fix this, until the next large batch of traffic, and it happens again.
I'm running 8.0.4 (yes, not exactly up to date, perhaps a known bug in this version?). There is very little config on the external interface, no rules beyond "allow traffic from a higher interface to a lower interface".
We have tried 3 different cables, all brand new in their packaging and also port 0/0 and 0/2.
CPU and memory usage are not spiking at the time of the issue.
We have tried all combinations of speed and duplex settings; the only thing we noticed there is that if both ends are set to full 100 the connection simply doesn't work. Do I need a crossover cable to make manual settings work?
My config is attached, hoping someone has seen this behaviour before.
The more CRC errors you get, the more packets drop, and in the worst case it blocks all the traffic. You need to check the physical connectivity between the two devices (the router-to-firewall cable); otherwise there might be a problem with the physical interface itself.
Do you see any log messages showing errors related to traffic drops?
I do not see any related bugs or release notes for that specific version.
Moreover, we cannot do much with the 1841, which is an EOL device.
If you want to try upgrading, then go for a minimum of 8.2.5.
There are a few things that could be causing these errors. I would first make sure that the port is operating in Full Duplex (show interface gig0/1 or show int ip brief). If the port is not in Full Duplex and you have no configuration for this on your ASA, have the ISP check their config.
Other things that can cause this issue (Karthik has mentioned some) are faulty cables or a faulty port. Also, if you are using a GBIC SFP, try changing it.
Please remember to select a correct answer and rate helpful posts