When this issue happens what is the content of the arp cache (show arp)? What version of asa code are you running? How is the asa connecting to the rest of the network i.e what switches are connected to the asa?
This is the output of "show arp"
FW-01# show arp
USERS 192.168.0.101 3c4a.9273.cf9e 0
USERS 192.168.0.44 4c72.b980.5f7e 3
USERS 192.168.0.43 dc0e.a1ea.7953 3
USERS 192.168.0.23 6c3b.e539.a646 3
USERS 192.168.0.20 009c.02a0.783c 6
USERS 192.168.0.34 4c72.b980.260c 21
USERS 192.168.0.37 001e.37d4.0d30 26
USERS 192.168.0.35 082e.5f11.fc49 29
USERS 192.168.0.45 6c62.6dbb.14d3 38
USERS 192.168.0.27 082e.5f14.9e0f 66
USERS 192.168.0.10 000f.fe8b.2c11 187
WIRELESS 192.168.2.30 d420.6d41.c2ce 11
WIRELESS 192.168.2.12 70f1.a174.01ca 31
WIRELESS 192.168.2.24 6c88.1468.e768 33
WIRELESS 192.168.2.11 74e5.4301.c869 45
WIRELESS 192.168.2.10 3859.f919.7288 349
WIRELESS 192.168.2.18 3076.6ff6.35e5 804
As you can see, its a very small network.I noted even when connection is dropped the ARP table still has the ISP GW Entry though error shows pending.
ASA running 8.2(5). I tried upgrading to 8.3 and issue persisted so i downgraded.
The ASA is connected as follows
WS-C2960-24TC-S ============= (sub-int with VLANS)ASA 5510 (dedicated int) =====(Wimax link)======ISP GW (ASR901)
hope this clarified
Please follow my instructions and let me know how it goes!!!
I am also facing the same problem with ASA 5510 ( 8.2.5 version). When we are connecting internet link on the ASA after some time ...frequent drops started and then all goes unreachable sudden.
Please let me know how you fixed the problem.
in my case one of the wimax radios from the service provider was not passing arp requests and hence the ISPs 7600 router was not completing its arp table. the ISP agreed to put a manual arp entry in the 7600 mapping our firewalls public IP to the MAC address. later the ISP changed the faulty radio. hope this helps
Thanks Solomon for quick reply.
In my case....we are using wired internet link. ISP has placed a MUX at our location and allocate a port to us on that for connecting it with ASA interface.
are you having the exact same problem where when you have intermittent connection, a clear arp solves brings back the connection only for it to drop after some time?
Hi, I'm having the same issue, happens every four hours is not more,
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(2)
Was this issue resolved?
First of all what version are you running on the ASA?
My recommendation would be at the time of the problem call the ISP and ask them to check the ARP table of their device and make sure you have an entry for the ASA outside MAC address.
If not there then we now they are loosing it more than often.
When you run a clear arp you are basically forcing the ASA to send an gratitious ARP packet.
Try to add a manually and permanent entry on the ISP side and let us know how it goes,
follow me on http://laguiadelnetworking.com
troubleshooting with ISP and have established that when link is down there is no ARP entry for our interface, ISP router shows
waiting to see what happens with a static ARP entry
Let me know