Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA random reboots

Correction: SLA had nothing to do with the issue.           

I have a customer with a ASA 5505 runing 8.2(5) with a T1  in 0/0 and a wireless connection in 0/1 with SLA setup on 0/0 route to failover to 0/1 route. The wireless connection will go up and down but when this happens it causes a disruption in service on 0/0. I removed the SLA and disabled 0/1 and it has been fine since.

Any help is much appreciated!

~Chad                  

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA SLA Failover

Hello Chad,

Time to open a case with TAC so we can decode the Core Dump.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
15 REPLIES

ASA SLA Failover

Hello Chad,

So Interface 0/0 is the primary and 0/1 is the secondary.

Then if the secondary fails it should not affect the internet connection as the primary is still up.

Do you have logs from the time of event?

Can you share the running-configuration?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

ASA SLA Failover

This is what I see in the log file:

Sep 12 2013 10:34:10: %ASA-4-411001: Line protocol on Interface out-Vz, changed state to up

Sep 12 2013 10:34:10: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:34:10: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:37:38: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:37:38: %ASA-4-411002: Line protocol on Interface out-Vz, changed state to down

Sep 12 2013 10:37:38: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:37:50: %ASA-4-411001: Line protocol on Interface out-Vz, changed state to up

Sep 12 2013 10:37:50: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:37:50: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:38:20: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:38:20: %ASA-4-411002: Line protocol on Interface out-Vz, changed state to down

Sep 12 2013 10:38:20: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:38:32: %ASA-4-411001: Line protocol on Interface out-Vz, changed state to up

Sep 12 2013 10:38:32: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:38:32: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:41:38: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:41:38: %ASA-4-411002: Line protocol on Interface out-Vz, changed state to down

Sep 12 2013 10:41:38: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:41:51: %ASA-4-411001: Line protocol on Interface out-Vz, changed state to up

Sep 12 2013 10:41:51: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:41:51: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:42:21: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:42:21: %ASA-4-411002: Line protocol on Interface out-Vz, changed state to down

Sep 12 2013 10:42:21: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:42:31: %ASA-4-411001: Line protocol on Interface out-Vz, changed state to up

Sep 12 2013 10:42:31: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:42:31: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:45:29: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:45:29: %ASA-4-411002: Line protocol on Interface out-Vz, changed state to down

Sep 12 2013 10:45:29: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:45:39: %ASA-4-411001: Line protocol on Interface out-Vz, changed state to up

Sep 12 2013 10:45:39: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:45:39: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:46:11: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:46:11: %ASA-4-411002: Line protocol on Interface out-Vz, changed state to down

Sep 12 2013 10:46:11: %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down

Sep 12 2013 10:46:21: %ASA-4-411001: Line protocol on Interface out-Vz, changed state to up

Sep 12 2013 10:46:21: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

Sep 12 2013 10:46:21: %ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

ASA SLA Failover

Hello Chad,

Is out-Vz the primary one (eth 0/0)?

Can you enable higher loggin level information so we can see a detail logs from the events?

Can you share the configuration (Make the right changes to IP addresses, etc so you can hide the real values)

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: ASA SLA Failover

out vz is 0/1 secondary

New Member

Re: ASA SLA Failover

I would have to turn the interface back on for the logging to do any good...and that will cause issues.

New Member

Re: ASA SLA Failover

Config

Re: ASA SLA Failover

Hello Chad,

I do not see anything related to SLA on the config you attached.

Did you remove it?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: ASA SLA Failover

Yes I had to remove it. I am trying to get permission to turn it back on so I can get some logging detail.

Even if I turned SLA off it would still cause an outage so I had to disable the 0/1 interface to get it to stop.

Re: ASA SLA Failover

Based on the configuration I cannot find a line of code that could be causing this weird issue,

On the logs you post I can see the backup interface flapping but nothing related to the primary.

Do you know why is the backup interface flapping that much?

What happens when you have both links up and running and you ping from the ASA to 4.2.2.2 via the Primary link?

What's the status of the primary interface when both interfaces are up?

We definetly need some more information to fix this,

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: ASA SLA Failover

It started running fine after I turned SLA and interface back on...for a while. Attached is a log I captured...but I did not have debugging turned on yet.

Re: ASA SLA Failover

Hello Chad,

What do U mean by started running fine for a while?

I can see the interface backup is still flapping.

Do you still see the problem with the internet access?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Re: ASA SLA Failover

I mean I turned the wireless back on and setup the SLA and it ran with no issues for awhile. I turned it SLA and 0/1 back off and it has happened again. SO, I guess I was looking in the wrong place.  Just so happened that losing internet connectivity would coinside with the flapping.

Welcome back to square one

New Member

Re: ASA SLA Failover

The ASA is rebooting and I am seeing coredump files.

Re: ASA SLA Failover

Hello Chad,

Time to open a case with TAC so we can decode the Core Dump.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

ASA SLA Failover

TAC resolution (after viewing crash dump which was a bug that showed problems with the dispatch unit: bug ID CSCts05981) was to replace ASA.

393
Views
0
Helpful
15
Replies
CreatePlease to create content