We help IT Professionals succeed at work.

CISCO ASA 5505 Security Plus Bundle

jujucapps
jujucapps used Ask the Experts™
on
Just installed a new asa 5505 at the NOC.  ASA5505-SEC-BUN-K9
Having a problem.  Crashes every hour or so and have to manually reload the asa at the NOC before connectivity is restored.
Anyone having trouble with this model?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
There's other posts on the Cisco forums about ASA 5505's constantly crashing. It might be worth calling Cisco about it.
Top Expert 2009

Commented:
What version of code is it running?  Any crash data you can post?

Author

Commented:
Version 7.2(4)
Were waiting for activation of our service contract that was purchased through CDW so we'll engage cisco as soon as that comes in. Just thought I would check to see if anyone experienced same trouble.
Top Expert 2009

Commented:
7.2(4) is very common (factory default for a long time).  Most likely a hardware issue if the ASA is crashing.

Author

Commented:
Cant find any crash data at all.  Our network becomes unresponsive and can't get into the box at all.  Have to manually reload it every time this happens.  checked the status at the NOC during crash and see traffic in the logs as expected but no response from any servers from outside firewall.  very strange and random.  I checked the serial number for known issue but it was clear... so just stuck.
Top Expert 2009

Commented:
You can try upgrading the software to 8.(2)2 once you have the service contract.  I haven't experienced any issues with that release.
Commented:
Make sure you don't have a duplex mismatch problem.  I had a problem ASA for a long time and we couldnt find the problem with it... Until I finally got some syslog output from when the problem would occur.  Turns out the ASA will shut down it's interface if it gets a ton of errors.  I.e. the kind of errors you get if you have a duplex mismatch.  Check with your ISP to see what speed/duplex they are set at or if they are set at auto negotiate.  Then adjust your end accordingly.

Author

Commented:
Thank you,
Yes, we’ve been looking at duplexing today actually.  We adjusted the interface "inside" switch ports away from auto/auto to 100/full (despite each NIC being set to 1gps) and left only the outside at auto/auto. that seems to have provided a little stability while preserving our internal connection speed. only time will tell, whether this will hold.

Note: we first tried setting each NIC to 100/full as well but that slowed our linked server (SQL SERVERS) traffic to a crawl so we had to set each one back to 1gps, but left the switch port settings as described above.   Do you see any potential conflicts with this?

We will find out the speed/duplex at the NOC and adjust the config as needed.  

Author

Commented:
Finally found out the ISP specs for speed/duplexing and they said 10/Full so we added that to the outside switch port setting of the router and that held.  NOC techs also discovered we had a bad cable going into the cage.  They switched that and today is the first day I haven't had to bounce the router first thing in the morning.  Fingers crossed, we should be ok.  

BTW.  I've been a member of this site for about a year now and is the first time I've posted a question of my own.  I am really impressed by the level of support I received and the speed of the responses.  Amazing.  Thank you so much for all of your help.

Author

Commented:
Turns out after some days of stability, and additional testing.  The problem was indeed a speed/duplexing issue.  Thank you so much.