My company has just purchased an SA 540, to operate it as a gateway and firewall for our remote servers in our ISPs data center. However, after a certain period of time (ranging from 2 minutes to several hours) the unit keeps dropping the WAN connection, making the unit unaccessible from the WAN side. The strange thing is, that when the connection is dropped, the unit is perfectly accessible from the LAN side, the WAN LED is still on, status info shows the WAN link up, and packet trace shows broadcasted traffic on the WAN interface, so only the directed communication to and from the ISPs gateway (configured to fix IP) seems to be blocked for some reason. When this happens, then plugging the WAN cable to the Optional WAN port enables traffic again, but it is also dropped after some time, and then only power cycling the unit restores WAN connectivity.
We have tried to upgrade the firmware, but the unit keeps failing with 1.1.42 stable, as well as with 1.1.62 RC1 and RC2 installed. We have replaced the unit by the reseller, tried to disable the firewall, RMON, the site-to-site IPSec VPN connection, but neither of these action made it run for longer than a few hours. Internal logs and syslog do not show anything that can be related to a dropped connection or blocked IP. In our test lab, however we were NOT able to reproduce this error, so I am certain that some external phenomenon is causing it at the data center, but we were unable to find out what. One clue we have found is the message "[Kernel][KERNEL] Badness in local_bh_enable at kernel/softirq.c:140" in syslog.
Any help will be appreciated, as the SA 540 would be an ideal solution for us and for many of our partners, but if unsolved, this error will force us to look for an alternate solution.
Seems to manage to find out the cause. For some reason, the SA 540 and the upstream Cisco Catalyst 4948 switch did not manage to autonegotiate the speed of the WAN connection. When running idle or under low load, they could get on with each other. As soon as there were significant traffic, either side scaled back and the SA dropped the connection. Since 1000 MBit FULL is configured on both sides, they seem to work without a glitch.
Can you let us know when the problem occurred what was the link speed set on SA500 and Cisco Catalyst. Also now if it is working without the glitch was you set the speed to Auto or 1000 Mb Full on both sides.
If possible, we would like to get some debug logs when this issue occurs. You can get the dbglogs - Please log in to the SA540 router and in the URL type with IP addresshttps:///scgi-bin/dbglog.cgi
Please save the file and send it. The logs will contain password sensitive information, so if you would like to change before sending over, please do so. Also if you are not comfortable posting it on the support community, you can send a private message.
Also we would like to understand the issue, so please provide your contact information if possible.
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
Introduction: This document describes how to connect SG300 with Catalyst
switch via STP. Spanning Tree Protocol (STP) is a Layer 2 protocol that
runs on mainly on switches. The specification for STP is IEEE 802.1D.
The main purpose of STP is to ensure tha...
You have a Cisco Unified Communications Manager (CUCM) system and want
to configure a SPA112 analog telephone adaptor (ATA) to register to the
CUCM so that you can use up to two analog phones or similar FXS devices
with the CUCM.In this application note, ...