Solved

Firewall disappears: No PING or response to ARP request

Posted on 2008-11-07
Last Modified: 2012-05-05
I have a Cisco ASA 500 on an Internet connection - coming through an xrio 400 ADSL bonder.

The problem is that the Cisco firewall - which has a static IP address - disappears completely and the Internet connection fails.  It doesn't reply to PING requests to the public IP or to the 192.168.0.x IP address on the local LAN.  The bonding device (an xrio UBM 400) gives an error saying that the link to the Cisco is 'incomplete' and it keeps sending ARP requests to the firewall which are not responded to.  The device remains powered on all the time and I have checked all cables and replaced them.

I should say at this point that the Cisco is a new unit which was installed today to replace a Juniper Networks Netscreen firewall which demonstrated exactly the same behaviour.

I can't understand why the firewall just stops responding to PING requests - it has to be unplugged from the mains and then plugged in again in order for it to come up again.  It will then PING and work correctly for a while.  When it fails, I can't PING anything the other side of the firewall but the bonder continues to respond.

Any ideas about how to diagnose and fix this problem much appreciated.
Question by:evbuk
9 Comments
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 22908409
Sorry, just so I understand the setup: where is the UBM plugged in? On the outside of the firewall?
0
 

Author Comment

by:evbuk
ID: 22908554
Yes, the UBM is plugged in on the outside of the firewall.

The company that manage the connection are now talking about replacing the UBM device but the problem is that it works well for a while then the firewall drops out and brings everything down.
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 22908593
Well, if you can't ping the internal address for the firewall then it is definitely not the UBM that is causing the problem.

Does the firewall log any errors?
0
 

Author Comment

by:evbuk
ID: 22908617
I haven't got the log output yet because it's a managed hardware setup but I've asked the company to provide them.  They've mentioned the possibility that there's a cable loop in the network somewhere which is causing a 'storm' that brings down the firewall.

I don't really buy the idea that it would stop responding to PING requests if that happened, though, on the public IP.  And why would two separate brand new firewalls show the same behaviour?
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 22908649
It does suggest that it isn't the firewall.
In the question you said that when it stops working you can't ping the internal and external addresses of the FW but you can ping the UBM. Is that correct? If so, can you surf and access sites externally as well?
0
 

Author Comment

by:evbuk
ID: 22908710
No, it takes everything down.  The gateway to the internet is a 192.168.0.x address which points to the firewall and, as that disappears, everything goes down internally.
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 22908735
Are you sure that the firewall drops and that it isn't a routing problem?
0
 

Author Comment

by:evbuk
ID: 22908780
Well, as the UBM which it's directly connecting to keeps ARPing it and there's no response, it sounds like a firewall issue.

At this point I'm at the end of my tether with it so I can believe it would be anything :-)
0
 
LVL 17

Accepted Solution

by:
JohnGerhardt earned 1500 total points
ID: 22908821
I am off now, but as a parting idea:
If there is any way that you can put a laptop in between the internal network and the FW with a hub,
and then place yourself on the same subnet as the FW, then when the FW goes down, check whether you can still ping the FW with the laptop. If so, then you have some kind of internal routing problem. If not, then the only other thing I can think of is maybe a duplicate IP address being assigned, with the firewall having trouble with that and dropping its links.
0
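
The duplicate-address check suggested in the accepted answer can be made from a packet capture taken on the laptop. This is an added example, not part of the original thread: it reads `tcpdump -n arp` text output and flags an IP answered by more than one MAC, or one whose ARP requests have gone unanswered since its last reply. The addresses, MACs and the `silent_after` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Patterns for `tcpdump -n arp` text output.
REQ = re.compile(r"Request who-has (\d+(?:\.\d+){3}) tell")
REP = re.compile(r"Reply (\d+(?:\.\d+){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def classify_arp(lines, silent_after=3):
    """Map each ARP target IP to (verdict, macs, unanswered_tail)."""
    macs = defaultdict(set)   # ip -> MACs that answered for it
    tail = defaultdict(int)   # ip -> requests seen since the last reply
    for line in lines:
        rep = REP.search(line)
        if rep:
            ip = rep.group(1)
            macs[ip].add(rep.group(2).lower())
            tail[ip] = 0
            continue
        req = REQ.search(line)
        if req:
            tail[req.group(1)] += 1
    result = {}
    for ip in set(macs) | set(tail):
        if len(macs[ip]) > 1:
            verdict = "duplicate"      # two hosts claim the same address
        elif tail[ip] >= silent_after:
            verdict = "silent"         # requests keep going unanswered
        else:
            verdict = "ok"
        result[ip] = (verdict, sorted(macs[ip]), tail[ip])
    return result

# Constructed sample capture (addresses and MACs are made up).
SAMPLE = """\
10:00:00.000100 ARP, Request who-has 192.168.0.1 tell 192.168.0.50, length 28
10:00:00.000400 ARP, Reply 192.168.0.1 is-at 00:00:5e:00:53:01, length 46
10:00:05.000100 ARP, Request who-has 192.168.0.20 tell 192.168.0.50, length 28
10:00:05.000300 ARP, Reply 192.168.0.20 is-at 00:00:5e:00:53:20, length 46
10:00:05.000900 ARP, Reply 192.168.0.20 is-at 00:00:5e:00:53:99, length 46
10:07:00.000100 ARP, Request who-has 192.168.0.1 tell 192.168.0.50, length 28
10:07:01.000100 ARP, Request who-has 192.168.0.1 tell 192.168.0.50, length 28
10:07:02.000100 ARP, Request who-has 192.168.0.1 tell 192.168.0.50, length 28
""".splitlines()

if __name__ == "__main__":
    for ip, (verdict, owners, unanswered) in sorted(classify_arp(SAMPLE).items()):
        print(f"{ip:15} {verdict:9} macs={owners} unanswered={unanswered}")
```

A "silent" verdict only covers the capture window, so the capture should span a period in which the firewall was working and then failed.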

Question has a verified solution.