ASA 5505 Losing internet connection weekly

Posted on 2009-02-11
Last Modified: 2012-05-06
I installed an ASA 5505 at a client of mine's location about a year ago. Ever since the install they have complained of random internet dropping. They have been unplugging the switches, the ASA, and the cable modem up until a few weeks ago. I had told them to only restart the ASA and let me know if the internet comes back up. After they reset the ASA the internet comes back up but they are still experiencing this weekly. I have enabled logging on the ASA but since the unit is being unplugged and restarted the logs have not been very beneficial. Is there some other way that I can try and troubleshoot this situation using the ASA or a 3rd party software?

I am unable to troubleshoot the situation when an outage occurs because their business is all done via Citrix sessions over the internet. If the internet is is their business.
They are on a dynamic IP address and a peer to peer network. I will be implementing a server and domain shortly, but need to resolve this issue first. Any help would be much appreciated. I will post the config file for the ASA.
Result of the command: "show config"

: Saved
: Written by enable_15 at 12:05:09.502 CST Fri Feb 6 2009
ASA Version 7.2(2)
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.XXX.X
 ospf cost 10
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
 ospf cost 10
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list inside_nat0_outbound extended permit ip any
access-list inside_nat0_outbound extended permit ip
access-list inside_nat0_outbound extended permit ip any
access-list outside_access_in extended permit tcp any interface outside eq 65100
access-list outside_access_in extended permit udp any interface outside eq 65100
access-list vpnsplit_splitTunnelAcl standard permit
pager lines 24
logging enable
logging asdm informational
logging from-address
logging recipient-address level errors
logging flash-bufferwrap
logging ftp-bufferwrap
mtu inside 1500
mtu outside 1500
ip local pool vpngroup mask
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1
static (inside,outside) tcp interface 65100 192.168.XX.XX XXXXXX netmask
static (inside,outside) udp interface 65100 192.168.X.XX XXXXXX netmask
static (inside,outside) tcp interface 3389 192.168.X.X XXXX netmask
static (outside,outside) tcp interface https 192.168.X.X https netmask
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy vpnsplit internal
group-policy vpnsplit attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnsplit_splitTunnelAcl
group-policy VPNremote internal
group-policy VPNremote attributes
 dns-server value XX.XX.0.XXX XX.XX.X.XXX
 vpn-tunnel-protocol IPSec
username XXXXXXpassword XXXXXXXXXXX encrypted privilege 15
username XXXXXX attributes
 vpn-group-policy XXXXXX
http server enable
http inside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  30
tunnel-group VPNremote type ipsec-ra
tunnel-group VPNremote general-attributes
 address-pool vpngroup
 default-group-policy VPNremote
tunnel-group VPNremote ipsec-attributes
 pre-shared-key *
tunnel-group vpnsplit type ipsec-ra
tunnel-group vpnsplit general-attributes
 address-pool vpngroup
 default-group-policy vpnsplit
tunnel-group vpnsplit ipsec-attributes
 pre-shared-key *
telnet inside
telnet outside
telnet timeout 5
ssh inside
ssh inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd address inside
dhcpd enable inside

class-map global-class
 match default-inspection-traffic
class-map inspection_default
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
policy-map global-policy
 class global-class
  inspect dns
  inspect ftp
  inspect http
service-policy global-policy global
 enable outside
prompt hostname context
Question by:lahma35
    LVL 9

    Expert Comment

    I don't see anything in your config that looks out of place. I would contact Cisco and see what their tech support has to say - perhaps the unit is overheating or has a bad stick of RAM?

    LVL 6

    Accepted Solution

    I would recommend using a syslog server for recording the logging messages; the Kiwi Syslog Server is great if you are wanting to use it on a Windows box.

    I would suspect the internet connection itself also, the ASA looks to be configured fine.
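
The accepted answer's point is that messages sent to an external syslog server survive the ASA being unplugged, so the events leading up to each drop can still be read afterwards. The sketch below is an added example (not part of the original thread) that scans such a collected log for long silences and lists the warning-or-worse messages logged just before each one; the line format, sample messages, addresses and thresholds are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: collector receive time followed by the ASA message.
# Times, addresses and message texts are invented for illustration.
SAMPLE = """\
2009-02-13 09:10:00 %ASA-6-302013: Built outbound TCP connection 101 for outside:203.0.113.10/1494 to inside:192.168.1.20/1050
2009-02-13 09:14:02 %ASA-6-604102: DHCP client interface outside: address released
2009-02-13 09:14:05 %ASA-4-411002: Line protocol on Interface outside, changed state to down
2009-02-13 09:31:40 %ASA-6-199002: Startup completed. Beginning operation.
2009-02-13 09:31:55 %ASA-4-411001: Line protocol on Interface outside, changed state to up
2009-02-13 09:32:10 %ASA-6-604101: DHCP client interface outside: Allocated ip = 198.51.100.7, mask = 255.255.255.0, gw = 198.51.100.1
"""

# <timestamp> ... %ASA-<severity>-<message id>: <text>
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?%(?:ASA|PIX)-(\d)-(\d{6}): (.*)$"
)

def parse(text):
    """Return (time, severity, message_id, text) for every recognisable line."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines from other devices or malformed input
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, int(m.group(2)), m.group(3), m.group(4)))
    return events

def outages(events, gap=timedelta(minutes=5),
            lookback=timedelta(minutes=2), max_sev=4):
    """Find silences longer than `gap`. For each, return
    (last_seen, first_seen_after, suspects), where suspects are the IDs of
    messages at severity <= max_sev logged within `lookback` of the silence."""
    found = []
    for i in range(1, len(events)):
        prev, cur = events[i - 1], events[i]
        if cur[0] - prev[0] > gap:
            suspects = [e[2] for e in events[:i]
                        if prev[0] - e[0] <= lookback and e[1] <= max_sev]
            found.append((prev[0], cur[0], suspects))
    return found

if __name__ == "__main__":
    for last, first, suspects in outages(parse(SAMPLE)):
        print(f"silent {last} -> {first}; preceding warnings: {suspects}")
```

A silence only means something if the firewall normally logs steadily, so tune `gap` to the site's quietest normal period.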
    LVL 1

    Author Comment

    I will give the kiwisyslog program a try. Thanks for the heads up. Also, I was going to check with the ISP to see if they could do some monitoring on their end. It seems to be pretty consistent so they may be able to shed some light on the situation too.
