Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Cisco ASA 5555-X drop problem


Have run in to a strange problem with the ASA-5555-X (one of many in a row). When traffic flows between the inside interfaces I get drops in traffic (testing with ordinary 32 ping). Both traffic leaving in ipsec tunnels and traffic passing straigh through. When placing myself in the outside vlan and testing with ping the drops doesn't happend. The logs dont say anything when it happens, using wireshark now to look for problems. Stats from the outside interface is as follows:

Interface GigabitEthernet0/0 "telenor", is up, line protocol is up

  Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec

        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

        Input flow control is unsupported, output flow control is off

        MAC address fc99.4749.b2f7, MTU 1500

        IP address, subnet mask

        198830497 packets input, 230683217853 bytes, 0 no buffer

        Received 165285 broadcasts, 0 runts, 0 giants

        9 input errors, 9 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 pause input, 0 resume input

        0 L2 decode drops

        157261520 packets output, 31321824495 bytes, 0 underruns

        0 pause output, 0 resume output

        0 output errors, 0 collisions, 4 interface resets

        0 late collisions, 0 deferred

        2 input reset drops, 266 output reset drops

        input queue (blocks free curr/low): hardware (502/448)

        output queue (blocks free curr/low): hardware (511/250)

  Traffic Statistics for "telenor":

        198830210 packets input, 227081353403 bytes

        157261932 packets output, 28275309932 bytes

        1592744 packets dropped

      1 minute input rate 3700 pkts/sec,  4680632 bytes/sec

      1 minute output rate 2776 pkts/sec,  367123 bytes/sec

      1 minute drop rate, 16 pkts/sec

      5 minute input rate 3699 pkts/sec,  4342942 bytes/sec

      5 minute output rate 2772 pkts/sec,  621819 bytes/sec

      5 minute drop rate, 13 pkts/sec

Do anyone have tip for me.

Regard J.

Please rate as helpful, if that would be the case. Thanx
Community Member

Cisco ASA 5555-X drop problem

More information. The unit connected to the ASA5555-X and now also a ASA5505 (for test) is a Catalyst 3560.

The Catalyst is supplied by my ISP which is Telenor Norway. They cant see any problems on the router.

It looks like the packet loss happens between the ASA and router. We have tried setting the boxes to auto/auto and static to 100fdx.

Anyone have any suggestions ?

Regards J.

Please rate as helpful, if that would be the case. Thanx
CreatePlease to create content