Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5505 with AT&T DSL

Hello,

I have a remote ASA 5505 that is connected to Bellsouth DSL service that randomly drops out.  The DSL itself seems to be rather unstable and I'm not sure if the problem is related to the line or my configuration.  The 5505 is configured to connect to the headend 5510 at HQ via EZVPN.

The current setup is as follows:

PC/Cisco 7941 Phone --> ASA 5505 --> Netopia 3347 (bridge mode) --> internet --> ASA5510 (corporate network)

What I'm experiencing is randomly throughout the day the ASA stops responding for 7 or 8 seconds in sequence.  I can see this when performing a continuous ping to the static ip address that is pulled by the FW.  Outside of the random 7 to 8 second packet drop period, the connection works and the phone and PC are directly accessible (via NEM mode).  The VPN tunnel does not drop during the time the connection goes out.  Even when the user is on a phone call, it just loses communication for the 7 second duration and then picks right back up.  This occurs randomly throughout the day even when I've disabled the port the phone is plugged into and the user's laptop is not in use.

The only information that seems to show up in logging is an error for each of the split tunnel networks

Any idea what might cause this to happen on the FW?  Is there anything I could look into doing to see what might be happening between the ASA and the Netopia router?  Could this still be something going on with the VPN tunnel?  AT&T has informed me numerous times that everything is fine on their side.

Supporting Info:

drop out:

Reply from xxx.xxx.xxx.xxx: bytes=32 time=97ms TTL=255
Reply from xxx.xxx.xxx.xxx: bytes=32 time=92ms TTL=255
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from xxx.xxx.xxx.xxx: bytes=32 time=91ms TTL=255
Reply from xxx.xxx.xxx.xxx: bytes=32 time=91ms TTL=255

Logging Messages:

These errors come up during rekey or when the tunnel is made.  This does not occur each time the connection drops out though.  It doesn't seem to effect the funcationality when things are working.  There is 1 "rejected" error for each of the split tunnel networks defined on the headend.

%ASA-3-713119: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, PHASE 1 COMPLETED
Mar 24 2010 11:09:45: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 11:09:45: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 11:09:48: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 17:57:47: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 17:57:47: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy
Mar 24 2010 17:57:50: %ASA-3-713206: Group = 208.XX.XX.XX, IP = 208.XX.XX.XX, Tunnel Rejected: Conflicting protocols specified by tunnel-group and group-policy

The only other logging errors that look significant are as follows. This happens when the DSL line itself seems to go out.  This does not show up when the drop out occurs either!

Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:
Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:Peer not responding
Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:
Mar 23 2010 13:52:43: %ASA-3-403503:PPPoE:PPP link down:LCP down

1 REPLY
New Member

Re: ASA5505 with AT&T DSL

Try running a continuous ping to the DSL modem and also to the DSL's modem's gateway.

See which one of those drops.

We have had numerous problems with AT&T DSL.....I always ask to talk to Tier 2 support right off the bat...

1226
Views
0
Helpful
1
Replies
CreatePlease login to create content