Some clients cannot reach Internet after introduction of ASA 5505
Posted on 2011-04-19
I have a small office network of 10 laptops. They get their IP info from a Windows server that provides DHCP services including the gateway and DNS options. I introduced an ASA 5505 yesterday and everything ran fine for hours. At some point a few of the clients lost Internet connectivity. They could still see all resources on the LAN side of the firewall. The IP settings are correct in ipconfig. I cleared the arp caches which did not help. I changed the stations to static IP addresses and that seemed to work for awhile but then they failed again. I switched them all back to DHCP clients.
Today all the laptops were able to maintain Internet connectivity until about an hour ago when 2 of them lost Internet access. They retain access to all devices on the LAN. The rest of the stations are still working fine. The IP settings on these 2 stations are all correct.
I cannot ping yahoo.com from these 2 stations although the name does get resolved. I cannot tracert anywhere off the network "Request timed out". I can tracert anywhere on the LAN. I can ping the gateway. There is only one DHCP server on the network.
The ASA configuration is very basic. I removed most of it with a clear config and only built the two VLAN interfaces, a static for the webserver which includes an access-group and service-group, and the outside NAT 1 0.0.0.0, etc.. It seems like it is running out of addresses or licenses. When it reaches a certain limit of time, clients, heat, I don't know, it stops allowing connections. Sometimes it drops the currently connected ones and other times it doesn't.
Any help would be appreciated.