I have an ASA 5505 which is having a problem.The customer has to reboot the ASA daily to get working.We have an IPSec tunnel running from this site to their HQ.When the problem occurs the clients on the LAN cannot access internet or the tunnel to HQ. ASA is running DHCP server.I checked the ASA when the problem occurred.No error logged. DHCPD BIND also showed leases.I checked on some LAN PCs they did not have any IP address.They could not renew the lease too.so they could not ping the inside interface of the ASA too which they can when everything is fine.I could ping the inside interface of the ASA while logged in into the ASA but not anything on the LAN not even the hosts with static IPs. So looks like the ASA loses connectivity to the LAN.I even got the LAN switch rebooted to see if that was the problem.But nothing.Things came up only after rebooting the ASA.I even got the port for the inside int of ASA changed on the switch.We are using only OUTSIDE and INSIDE interfaces on the ASA.The INSIDE is connected to the LAN switch.The ASA config is attached:
yes this has been an ongoing problem and has been there from the day ASA was operational. Connectivity to internet and thro the IPSec tunnel are fine when the problem occurs. I can ping to the internet and even login into the ASA thro the IPSec tunnel but no connectivity to LAN. I am wondering if I have to remove the interface Vlan1 and give the IP to the physical INSIDE interface. The file for "sh version" is attached.
Is this a symptom of running out of licenses on the ASA? This ASA 5505 has a Base License of 50 users as you can see in the "sh ver" output attached. I am not sure how many hosts are there on the LAN for this ASA. Will check and then will know. I have read somewhere that the hosts count only when they pass traffic through the box to the internet (usually the outside) interface. Pls help me on this.
Just throwing this out there, but, is it possible that your tunnel is closing for some odd reason. Try and restart your tunnel before you restart the entire ASA. See if that solves the connectivity issue. If it does, you may want to look in the configuration a bit more.
I confirmed there are only 10 PCs/Servers on the LAN behind ASA 5505. So can't be the licensing issue. Any ideas folks? I need urgent help on this. But I have another piece of information that there is a Riverbed server (Appl Accelerator box) on the LAN. Dont know anything about this though.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :