Firewall disappears: No PING or response to ARP request

I have a Cisco ASA 500 on an Internet connection - coming through an xrio 400 ADSL bonder.

The problem is that the Cisco firewall - which has a static IP address - disappears completely and the Internet connection fails.  It doesn't reply to PING requests to the public IP or to the 192.168.0.x IP address on the local LAN.  The bonding device (an xrio UBM 400) gives an error saying that the link to the Cisco is 'incomplete' and it keeps sending ARP requests to the firewall which are not responded to.  The device remains powered on all the time and I have checked all cables and replaced them.

I should say at this point that the Cisco is a new unit which was installed today to replace a Juniper Networks Netscreen firewall which demonstrated exactly the same behaviour.

I can't understand why the firewall just stops responding to PING requests - it has to be unplugged from the mains and then plugged in again in order for it to come up again.  It will then PING and work correctly for a while.  When it fails, I can't PING anything the other side of the firewall but the bonder continues to respond.

Any ideas about how to diagnose and fix this problem much appreciated.
evbukAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnGerhardtCommented:
Sorry just so I understand the setup where is the UBM plugged in...? On the outside of the firewall?
0
evbukAuthor Commented:
Yes, the UBM is plugged in on the outside of the firewall.

The company that manage the connection are now talking about replacing the UBM device but the problem is that it works well for a while then the firewall drops out and brings everything down.
0
JohnGerhardtCommented:
Well if you cant ping the internal address for the firewall then it is defintly not the UBM that is causing the problem.

Does the firewall log any errors..?
0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

evbukAuthor Commented:
I haven't got the log output yet because it's a managed hardware setup but I've asked the company to provide them.  They've mentioned the possibility that there's a cable loop in the network somewhere which is causing a 'storm' that brings down the firewall.

I don't really buy the idea that it would stop responding to PING requests if that happened, though, on the public IP.  And why would two searate brand new firewalls show the same behaviour?
0
JohnGerhardtCommented:
It does suggest that it isnt the firewall..
In the question you said that when it stops working that you can't ping the internal, external addresses of the FW but you can ping the UBM.. Is that correct.. If so can you surf and access sites externally as well?
0
evbukAuthor Commented:
No, it takes everything down.  The gateway to the internet is a 192.168.0.x address which points to the firewall and, as that disappears, everything goes down internally.
0
JohnGerhardtCommented:
Are you sure that the firewall drops and that it isnt a routing problem...?
0
evbukAuthor Commented:
Well, as the UBM which it's directy connecting to keeps ARPing it and there's no response, it sounds like a firewall issue.

At this point I'm at the end of my tether with it so I can believe it would be anything :-)
0
JohnGerhardtCommented:
I am off now but as a parting idea..
If there is any way that you can put a laptop inbetween the internal network and the FW with a hub  ..
and then place your self on the same subnet as the FW, then when the FW goes down check whether you can still ping the FW with the laptop.. If so then you have some kind of internal routing problem.. If not then the only other thing I can think of is maybe a duplicate IP address being assigned.. The firewall having trouble about that and dropping its links...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.