StaffordIT asked on

Computer and printer loses connection with firewall

We have a small network and it consists of a Cisco ASA 5505 firewall which connects to an HP ProCurve switch. We have a computer on the LAN that randomly can't get on the Internet through the ASA. If you log into the firewall, and clear the ARP cache, the computer can then get on the Internet again for a while until it happens again. Then I have to clear the ARP cache again. I've run a ping from the computer while it loses connectivity, and I can't ping the firewall, but I can ping other hosts on the network. I've checked the MAC addresses and everything appears to match up with the ARP table on the Cisco ASA firewall. I'm at a loss in trying to figure out what is causing the problem. We thought someone might have been spoofing the MAC address, so then we changed the MAC address on the computer, but this still did not resolve the problem. I've had Cisco look at our firewall config and they said the config was fine. Thanks for any help in advance.
Hardware Firewalls


8/22/2022 - Mon
jloiseau

How is your computer obtaining its IP address? DHCP or static?

If you are using DHCP, the lease time expires after whatever interval you set up (usually 24hrs); and when it does expire, it might not be reestablishing. What device (i.e. server or router) is managing the DHCP pool?

Also, you could set a static IP address to the PC and see if you are still losing connection.
ASKER
StaffordIT

Thanks for your reply. The computer and the printer both have static IP addresses set. We use DHCP set off the router, but the IP range doesn't overlap with the static IP addresses.
ASKER
StaffordIT

Oh, and one more thing...the lost connection to the firewall seems to happen randomly around every 20-30 minutes..sometimes longer....
jloiseau

For both the Printer and PC, is the speed set to auto or hard coded?

Try setting the Printer and PC to 100mb Full Duplex and the same on the switch port they are on. If your PC has a NIC card that can do a Gig and your switch can also do a Gig, then set both interfaces for a Gig, not auto.

At this point I don't think it's a FW issue only b/c Printers have no business with FWs, so it could be a switch issue. Are you seeing any type of errors in the switch logs?
ASKER
StaffordIT

I've changed the duplex settings on the PC, and the problem still occurred. I'm beginning to think it's not a firewall issue...and for some reason I can't get into the ProCurve anymore...I'm beginning to dislike HP ProCurves lol
jloiseau

I'm guessing that you did not get a chance to also set the port to 100 full duplex on the ProCurve switch.

hp-test(config)# interface b1
hp-test(eth-B1)# speed-duplex 100-full
hp-test(eth-B1)# exit

Also, have you tried bouncing the switch?
ASKER
StaffordIT

I can't get into the switch...let me have them power cycle it...I'll get back to you as soon as they bounce it. thanks.
jloiseau

Also, try updating the NIC drivers on both the PC and Printer, see if that helps.
ASKER
StaffordIT

Thanks, I'll try to get around to do that in a little while.
ASKER
StaffordIT

Here's what I've found out since earlier. The router (which runs DHCP) is the default gateway for all of the hosts on the subnet. Well, this router has a default route to the Internet through the Cisco ASA. I noticed that the default gateway for this particular computer having the problem was 192.168.25.1 (the firewall)...I changed the gateway to 192.168.25.2 (the router) and it works flawlessly....any ideas why it wouldn't work with the firewall as gateway? If I need to post configs I can....
jloiseau

How is your connection to your ISP?

ISP  -> router -->  Switch  -> FW?

I'm guessing the first, if so, your default gateway should always be the router's IP because it's your router that routes you to the internet, not the FW. FW is more a layer 7 device because it's just enforcing rules to your network.
ASKER
StaffordIT

It's ISP -> FW (which is doing IPSEC VPN to corporate)
                |||||
              Switch
                |||||
             Router-> Hotel guest management network

We set up the router to route to the hotel guest network, and its default route points to the firewall for Internet traffic. Everyone's default gateway is the router of 192.168.25.2. This works fine for everyone who has a default gateway of 192.168.25.2, but the one computer whose gateway was 192.168.25.1, it would work and sporadically quit working. We have other sites that only have a firewall, that is the client's gateway, and it works fine for them.
ASKER CERTIFIED SOLUTION
jloiseau

ASKER
StaffordIT

I just changed the default gateway to the router for now to make it work. At some point in time when I'm onsite, I do want to get rid of the hotel guest network since it's not being used anymore and restructure the network to clean it up. I was just trying to figure out that issue...it's crazy lol
jloiseau

Well, I'm glad to hear that everything worked out..
ASKER
StaffordIT

Thanks for your help.