We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


Some clients cannot reach Internet after introduction of ASA 5505

terry_cole asked
Medium Priority
Last Modified: 2012-06-27
I have a small office network of 10 laptops.  They get their IP info from a Windows server that provides DHCP services including the gateway and DNS options.  I introduced an ASA 5505 yesterday and everything ran fine for hours.  At some point a few of the clients lost Internet connectivity.  They could still see all resources on the LAN side of the firewall.  The IP settings are correct in ipconfig.  I cleared the arp caches which did not help.  I changed the stations to static IP addresses and that seemed to work for awhile but then they failed again.  I switched them all back to DHCP clients.

Today all the laptops were able to maintain Internet connectivity until about an hour ago when 2 of them lost Internet access.  They retain access to all devices on the LAN.  The rest of the stations are still working fine.  The IP settings on these 2 stations are all correct.

I cannot ping yahoo.com from these 2 stations although the name does get resolved.  I cannot tracert anywhere off the network "Request timed out".  I can tracert anywhere on the LAN.  I can ping the gateway.  There is only one DHCP server on the network.  

The ASA configuration is very basic.  I removed most of it with a clear config and only built the two VLAN interfaces, a static for the webserver which includes an access-group and service-group, and the outside NAT 1, etc..  It seems like it is running out of addresses or licenses.   When it reaches a certain limit of time, clients, heat, I don't know, it stops allowing connections.  Sometimes it drops the currently connected ones and other times it doesn't.

Any help would be appreciated.

Watch Question

Network and Security consultant
Unlock this solution and get a sample of our free trial.
(No credit card required)
Ken BooneNetwork Consultant
Unlock this solution and get a sample of our free trial.
(No credit card required)


Thanks, I believe it is a licensing issue.  I wasn't aware of the IP limit.  Testing by having one user log off permits another to log on.  I believe an upgraded license is called for....
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.