Solved

Cisco ASA - Windows 7 computers drop the network

Posted on 2010-08-30
13
707 Views
Last Modified: 2012-05-10
One of my clients recently got a new Cisco ASA 5510. All was working ok until two days later when I implemented a few Windows 7 machines on their AD domain. Randomly (more times than not) the Win7 PCs lose internet and access to the domain controller…I am unable to ping yahoo.com or even the internal SBS2003 server. I can however ping the firewall consistently.

The PCs are plugged into the same switch as the SBS server…statically assigning an IP doesn’t make a difference. Any suggestions? I’m not sure if the ASA is my suspect or not…but all the issues started as soon as I implemented it. All windows XP machines work perfect with no issues.
0
Comment
Question by:PTSMN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
13 Comments
 
LVL 1

Author Comment

by:PTSMN
ID: 33563152
More info: DHCP is coming from the SBS server so it works momentarily...DNS ips from DHCP are pointing to the SBS server.

0
 
LVL 3

Expert Comment

by:robdcoy
ID: 33569084
How many users is the ASA licensed for and how many clients do you have?
0
 
LVL 1

Author Comment

by:PTSMN
ID: 33569802
I initially thought that was the issue as well so I power cycled the ASA with no change.

Even if that were the case it shouldnt be filtering my internal LAN traffic should it?

0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 3

Expert Comment

by:robdcoy
ID: 33570283
No, after thinking about it, it shouldn't.  I will keep looking for a solution for you.

In the time being, do you have any GPO that is controlling your firewall settings for the Windows Clients?  There might be something going on there?

Also, what is the IP address of the PC when you encounter the problem.   0.0.0.0?  169 address?  I understand it does this with a static, but when it is on DHCP, does a "ipconfig /release" and "ipconfig /renew" fix the issue?

Could be a driver issue?  Are these new PC's with the OEM install?

0
 
LVL 1

Author Comment

by:PTSMN
ID: 33570488
DHCP gives me the next address available in the DHCP pool...192.168.1.152

No firewall settings from GPO that would interfere...besides sometimes it decides to work...but then 5 mins later I'm back to not being able to do anything.

If I release my ip and renew I get the same address and same issues

Also I have already tried updating drivers and even swapping nic cards on these Brand new IBM desktops. (Volume licensed win 7 reloads...non oem)

Somone mentioned something about a no fixup policy?? not sure what that is or exactly what it does.

0
 
LVL 1

Author Comment

by:PTSMN
ID: 33570708
I have even pulled out a 3rd win 7 pc new out of box with no domain membership and tried getting online with it...same issues.
0
 
LVL 3

Expert Comment

by:robdcoy
ID: 33570756
This is a good thing......The problem has to be with your ASA.  Do you mind posting a sanitized version of your ASA config?  I can't promise anything, but hopefully something will jump out at me.

If you would rather, you can send the config to rob_at_thecompugeek.com.
0
 
LVL 1

Author Comment

by:PTSMN
ID: 33570860
email sent
0
 
LVL 3

Accepted Solution

by:
robdcoy earned 500 total points
ID: 33571462
Okie Dokie.  I don't see anything strange with the config.  Here is all I can offer to you for help.

Consider updating the firmware to 8.3(1).  There were some issues with 8.2(1), but I tried to skip this version and never really experianced problems.  I don't recall if there were any problems with Windows 7 clients and 8.2(1).  I don't think it would hurt at all.  You can allways fallback to a previous version.  Just remember to backup, backup, backup.  I've been bitten far too many times to just jump at the update.  ;-)

I have seen some stuff on the web about people going back to the PIX 501 because the 5505 was causing issues with their Vista and 7 users.  I haven't seen anything about the 5510 yet.

Disable ipv6 on the 7 clients.  This could cause some issues?  I don't have much experiance with ipv6, nor do I want to.  For me, I have never needed more clients than ipv4 could provide.

Again, I will do my best to help out, but everything looks good.  I highly suspect that 5510 and the firmware.
0
 
LVL 1

Author Comment

by:PTSMN
ID: 33578935
I will try the firmware update then. I did disable ipV6 already with no change so I'll keep you posted.
0
 
LVL 1

Author Comment

by:PTSMN
ID: 33619134
Well this client is running a tempermental VPN to one of their vendors so at this point updating the firmware wont be an option until the end of the month and the VPN is no longer required...is there a way to setup logging to try and dig deeper as to why my Win7 pcs lose their connection? The syslogs arent showing me anything being blocked for this particular LAN IP thats having the issues. Just "severity 6" events.

0
 
LVL 1

Author Comment

by:PTSMN
ID: 33620854
Disabling the Proxy ARP on the ASA’s LAN interface finally solved the issue.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_25081430.html

0
 
LVL 1

Author Closing Comment

by:PTSMN
ID: 33620939
Thanks for the help Rob!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question