A consultant set up a PIX 515E for one of our clients. The PIX connects to a Cisco 3548 XL switch and works fine. The client just bought another firewall, an ASA 5510, and they connected it to a 3560G. It seemed OK at the beginning, but the next day, some computers that needed to renew their IP addresses could not receive an IP from DHCP. Other computers that did not need to renew their IP worked as normal.
Since they could not reach the Cisco consultant, they called me for help (I set up Windows Server for them). I asked them to disconnect the ASA from the switch, and those computers work now. The following are the settings on the switch ports that the PIX and ASA connect to.
PIX to 3548:
switchport trunk encapsulation dot1q
switchport mode trunk
ASA to 3560G:
Can I assume the problem is that the ASA connects to a 1GB port? If yes, they should configure the speed to 100MB on the 3560G or connect the ASA to the 3548. Can someone confirm that? Thanks.
Bob, it would be nice to get a bit more information on what the purpose of the ASA installed in the 3548g switch is and how it is configured. From your description it seems the ASA was just plugged into the switch when opened from the box, using default factory settings, which have a short DHCP-enabled address pool on the 192.168.1.0/24 network on the inside interface; perhaps the client's internal network also has this same IP scheme.
In any case, to answer your question, the ASA FE ports can do up to 100MB, not GIG, but do have the capability to autosense, and if the gig port is auto on the 3560g switch the interfaces will come up.
You can configure the speed and duplex either way, hardcoded or auto/auto. As long as both ends are consistent with one another in their transmission settings, the ASA and switch connection will co-exist happily. I have PIXes in auto/auto without issues and ASAs with hardcoded settings; I believe more in hardcoding settings at both ends, ASA and switch. It is when you start seeing errors on interfaces that you would want to hardcode duplex and speed at both ends to be safe. You could check interface stats at either end with the show interfaces command on the ASA side and show interface gigabitethernet0/48 on the switch, and note traffic statistics such as crc, runts, etc. at both ends. You may also use "clear counters" on the ASA and switch to clear old stats records from the interfaces.
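The counter check suggested in the reply above, as an added example that is not part of the original thread: it compares the negotiated duplex and speed and the error counters from both ends of the link. The two output samples are constructed, the ASA interface name is a placeholder, and the late-collision check goes beyond the counters named in the reply (late collisions typically show up on the half-duplex side of a duplex mismatch).

```python
import re

# Constructed sample output (not from the thread); ASA interface name is a placeholder.
SWITCH_SIDE = """\
GigabitEthernet0/48 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
     214 runts, 0 giants, 0 throttles
     530 input errors, 316 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
"""
ASA_SIDE = """\
Interface Ethernet0/1 "inside", is up, line protocol is up
        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 output errors, 1892 collisions, 0 interface resets
        412 late collisions, 0 deferred
"""

PATTERNS = {"runts": r"(\d+) runts", "input_errors": r"(\d+) input errors",
            "crc": r"(\d+) CRC", "collisions": r"(\d+) collisions",
            "late_collisions": r"(\d+) late collisions?"}

def parse_show_interface(text):
    """Pull negotiated duplex/speed and error counters out of 'show interface' text."""
    duplex = re.search(r"(full|half)-duplex", text, re.I)
    speed = re.search(r"(\d+)\s*Mb(?:ps|/s)", text)
    info = {"duplex": duplex.group(1).lower() if duplex else None,
            "speed_mbps": int(speed.group(1)) if speed else None}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        info[name] = int(m.group(1)) if m else 0  # counter absent -> treat as 0
    return info

def compare_link(end_a, end_b):
    """Return a list of findings for the two ends of one cable."""
    a, b = parse_show_interface(end_a), parse_show_interface(end_b)
    findings = []
    if a["duplex"] != b["duplex"]:
        findings.append(f"duplex mismatch: {a['duplex']} vs {b['duplex']}")
    if a["speed_mbps"] != b["speed_mbps"]:
        findings.append(f"speed mismatch: {a['speed_mbps']} vs {b['speed_mbps']}")
    for label, end in (("A", a), ("B", b)):
        bad = {k: v for k, v in end.items() if k in PATTERNS and v > 0}
        if bad:
            findings.append(f"end {label} errors: {bad}")
    return findings
```

Clear the counters on both devices first, let traffic run, then feed the fresh output of both ends to `compare_link` so old errors do not mask the current state.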
I reconfigured both ports to duplex full and speed 100MB. It seems to work. I disconnected the connection for now, worried about any issues like last time. I will do more tests tomorrow. Which command should I use to troubleshoot if we have the same issues after reconnecting the ASA to the switch?