We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Some clients cannot reach Internet after introduction of ASA 5505

terry_cole
terry_cole asked
on
Medium Priority
536 Views
Last Modified: 2012-06-27
I have a small office network of 10 laptops.  They get their IP info from a Windows server that provides DHCP services including the gateway and DNS options.  I introduced an ASA 5505 yesterday and everything ran fine for hours.  At some point a few of the clients lost Internet connectivity.  They could still see all resources on the LAN side of the firewall.  The IP settings are correct in ipconfig.  I cleared the arp caches which did not help.  I changed the stations to static IP addresses and that seemed to work for awhile but then they failed again.  I switched them all back to DHCP clients.

Today all the laptops were able to maintain Internet connectivity until about an hour ago when 2 of them lost Internet access.  They retain access to all devices on the LAN.  The rest of the stations are still working fine.  The IP settings on these 2 stations are all correct.

I cannot ping yahoo.com from these 2 stations although the name does get resolved.  I cannot tracert anywhere off the network "Request timed out".  I can tracert anywhere on the LAN.  I can ping the gateway.  There is only one DHCP server on the network.  

The ASA configuration is very basic.  I removed most of it with a clear config and only built the two VLAN interfaces, a static for the webserver which includes an access-group and service-group, and the outside NAT 1 0.0.0.0, etc..  It seems like it is running out of addresses or licenses.   When it reaches a certain limit of time, clients, heat, I don't know, it stops allowing connections.  Sometimes it drops the currently connected ones and other times it doesn't.

Any help would be appreciated.

Thanks,
Terry
Comment
Watch Question

Network and Security consultant
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Ken BooneNetwork Consultant
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks, I believe it is a licensing issue.  I wasn't aware of the IP limit.  Testing by having one user log off permits another to log on.  I believe an upgraded license is called for....
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.