Solved

Cisco ASA5505 losing connectivity

Posted on 2009-02-23
Last Modified: 2012-05-06
We are losing our internet connection and having to reboot the Comcast broadband modem and ASA 5505 to get the internet back up.  This is happening a couple of times a day.  Does anyone know why this would be happening?  Could an IP address conflict on the network be causing this?  Is there a way I can set up an alert for when this happens to help with troubleshooting?  I have attached the current configuration running on the firewall.
current-config-clean.txt
Question by:bkeating13
9 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 23716668
Can't see a syslog server in there, would be extremely helpful to see the errors and warnings, all alerts are done this way unless you have SNMP configured.

It could be an outage, DDoS attack or just a faulty port, amongst other issues, but start with the syslog, get 3CDaemon or another syslog server.

You can also see the syslog messages in the ASDM lower window, but with limited depth, it's too hard to observe properly, but may help your issue...


0
 
LVL 6

Expert Comment

by:ricks_v
ID: 23726116
Next time it happens, can you try plugging a PC straight into the Comcast broadband modem? We'll try to narrow down the issue, as it might be an issue only with the internet modem.
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 23728309
Thanks ricks_v,
divide and conquer...

0
 

Author Comment

by:bkeating13
ID: 23764955
I installed 3CDaemon but don't get anything reported.  Here is all that is reported.

Feb 28 10:17:03 local Listening for Syslog messages on IP address: 192.168.1.2
Feb 28 10:17:03 local Listening for Syslog messages on IP address: 192.168.234.1
Feb 28 10:17:03 local Listening for Syslog messages on IP address: 192.168.10.1
Feb 28 13:16:25 local Listening for Syslog messages on IP address: 192.168.1.2
Feb 28 13:16:25 local Listening for Syslog messages on IP address: 192.168.234.1
Feb 28 13:16:25 local Listening for Syslog messages on IP address: 192.168.10.1
0
 
LVL 23

Expert Comment

by:debuggerau
ID: 23769990
You need to set the PIX up with a syslog server, then apply an inspect policy that will forward warnings and errors.
Here is my logging section:

logging enable
logging timestamp
logging monitor debugging
logging trap errors
logging asdm notifications
logging mail errors
logging from-address name@domain.com.au
logging recipient-address name@domain level emergencies
logging device-id hostname
logging host inside sysloghostint
logging host inside sysloghostext
logging class auth mail notifications trap informational
0
 

Author Comment

by:bkeating13
ID: 23775185
Thanks for the info.  My Cisco skills are very limited.  Would it be possible to get a little more detail on how to setup the logging on the firewall?
0
 
LVL 6

Accepted Solution

by:
ricks_v earned 750 total points
ID: 23778331
Useful link, all about Cisco ASA logging and setting up a syslog server.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml


Note: I would recommend installing a syslog server, connected behind the PIX (this way you get all the logs saved on a PC).
Alternatively, the ASA can always save the log buffer and you can view it later in its memory.

0
 

Author Comment

by:bkeating13
ID: 23846256
I got logging set up and received over 100 of the following error messages this morning.

<163>Mar 10 2009 07:44:20 xxxChicago : %ASA-3-710003: TCP access denied by ACL from 192.168.1.124/52665 to inside:xx.xx.xx.xx/80

Not sure what this error is from.  Any thoughts?
0
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 750 total points
ID: 23903458
When an incoming packet arrives, it checks itself against the access-lists, which have a log setting - to report or not to report, that is the question.

If report, it will log each blocked conversation in the syslog, depending on your level of inspection.

So the error means:
a packet was blocked according to ACL from 192.168.1.124 to that xx.xx.xx.xx host.

Check the message on the right, it should declare if it is informational, or a warning, error etc.
0
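Added example (not part of the original thread or any poster's code): a small Python parser for ASA syslog lines in the format quoted above. It decodes the `<163>` priority value into facility and severity, reads the severity and message ID out of the `%ASA-3-710003` tag, and counts denied connections per source so that a burst of 100+ identical messages collapses into one row. The sample lines other than the first are constructed for illustration.

```python
import re
from collections import Counter

# ASA severity names, indexed by level 0-7
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# First line is the message quoted in the thread; the rest are constructed samples.
SAMPLE = [
    "<163>Mar 10 2009 07:44:20 xxxChicago : %ASA-3-710003: TCP access denied by ACL from 192.168.1.124/52665 to inside:xx.xx.xx.xx/80",
    "<163>Mar 10 2009 07:44:21 xxxChicago : %ASA-3-710003: TCP access denied by ACL from 192.168.1.124/52666 to inside:xx.xx.xx.xx/80",
    "<163>Mar 10 2009 07:44:23 xxxChicago : %ASA-3-710003: TCP access denied by ACL from 192.168.1.124/52670 to inside:xx.xx.xx.xx/80",
    "<163>Mar 10 2009 07:45:02 xxxChicago : %ASA-3-710003: TCP access denied by ACL from 192.168.1.57/1044 to inside:xx.xx.xx.xx/443",
    "Feb 28 10:17:03 local Listening for Syslog messages on IP address: 192.168.1.2",
]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d+ \d{4} [\d:]{8}) (?P<host>\S+) : "
    r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")
DENY_RE = re.compile(
    r"(?P<proto>TCP|UDP) access denied by ACL from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<ifc>[\w-]+):(?P<dst>[^/]+)/(?P<dport>\d+)")

def parse(line):
    """Return a dict for an ASA syslog line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    rec = {"facility": pri >> 3,          # 163 >> 3 == 20 (local4)
           "pri_severity": pri & 7,       # low three bits of PRI
           "severity": int(m["sev"]),     # level from the %ASA-n- tag
           "level": SEVERITIES[int(m["sev"])],
           "msgid": m["msgid"], "host": m["host"], "ts": m["ts"]}
    deny = DENY_RE.search(m["text"])
    if deny:
        rec.update(deny.groupdict())
    return rec

def summarize(lines):
    """Count denies per (message ID, source IP, interface, dest port)."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and "src" in rec:
            counts[(rec["msgid"], rec["src"], rec["ifc"], rec["dport"])] += 1
    return counts.most_common()

if __name__ == "__main__":
    for key, n in summarize(SAMPLE):
        print(n, key)
```
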
