gunkman
asked on
Packet sniffer sees ping, but machine does not reply.
We have been having some crazy intermittent connection problems in a remote office for a few weeks now. The internet connection will drop out for about 30 seconds about 3 times a day, more at night. We have been trying 1000 different things, but the biggest result was from the packet sniffer. During the ‘outage’ we would send pings to the machine in the office running a packet sniffer. The sniffer will pick up the ping requests but the machine will not respond to the ping request during the outage. All of the machines will not respond to pings during this time. Once it’s over, everything is back to normal. The sniffer appears to show normal activity. The switch, ISP, router, VPN, etc all respond to pings during this ‘outage’.
Any help or direction would be greatly appreciated.
More info:
Problem is in remote office. Network has about 7 pc’s on it, connected to an HP Procurve switch. That goes through a Cisco Pix to an Adtran Integrated Phone/Internet router located in the remote office. Hardware VPN to Cisco ASA in Main Office. Cisco Pix in remote office passes out IP’s, DNS #1 is set to Main office, DNS #2 is set to ISP. Pings are sent from Main office to remote office. Systems run XP. Server 2003 and DNS are in main office.
Any help or direction would be greatly appreciated.
More info:
Problem is in remote office. Network has about 7 pc’s on it, connected to an HP Procurve switch. That goes through a Cisco Pix to an Adtran Integrated Phone/Internet router located in the remote office. Hardware VPN to Cisco ASA in Main Office. Cisco Pix in remote office passes out IP’s, DNS #1 is set to Main office, DNS #2 is set to ISP. Pings are sent from Main office to remote office. Systems run XP. Server 2003 and DNS are in main office.
What model PIX?
ASKER
It's a Cisco Pix 506e. My guy that does all of the Cisco work says that he has turned up as much logging as he can and he does not see anything unusual. He says the VPN stays up with no errors during the 'blips'.
The internet connection to the office is not dropping because I can get to the switch remotely during the blips. Also, the packet sniffer sees the ping request during the blips, and it's running inside the office on the machine being pinged.
The internet connection to the office is not dropping because I can get to the switch remotely during the blips. Also, the packet sniffer sees the ping request during the blips, and it's running inside the office on the machine being pinged.
What is license type on 506E? Unlimited or user license? If user license, exceeding license count will cause issues like you are experiencing.
ASKER
I will find that out now. Would it put an error into a log somewhere if it exceeded it?
Not that I am aware of.
ASKER
My network guy says that it is user license, but not sure how many. He mentioned that we moved this Pix to the remote office when we put the ASA in the main office about a year ago. We had a lot more users in the main office than we do in the remote office now. The only difference is that the Pix now has DHCP on it and it did not in the main office.
ASKER
Ok he logged on. It is unlimited. Inside Hosts: Unlimited
ASKER
Here is a screen shot from the sniffer. 192.168.111.119 is the machine in the main office sending the ping. 192.168.211.104 is the machine in the remote office being pinged. events 123-124 are normal. event 142 and 164 are unanswered pings during the 'blip'.
Pings1.gif
Pings1.gif
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I thought the problem would be network or configuration related, and it was just faulty hardware. I don't think anyone could have really figured it out without actually being in the office.
Maybe either the internet or the VPN connection is dropping and reconnecting for a short time.