• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1295
  • Last Modified:

cisco ASA5510 hang issue

Hi Expert,
I have a cisco ASA 5100 firewall having some issue. I don't know what happen to it and sometimes we can't connect VPN, we can't to other sites (site to site VPN site).
If we restart the device, it works normal. Could you advise how could be the issue and how to trace the problem?

Thanks
Rgds
0
bominthu
Asked:
bominthu
  • 7
  • 6
  • 3
  • +3
1 Solution
 
Ernie BeekCommented:
Well, my first step would be to look at the (asdm) logs to see what shows up there.
0
 
bominthuAuthor Commented:
I enabled logging. There are thousands of logs.Which one should i check ?
0
 
bominthuAuthor Commented:
What is the command to enable only for error ?
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
Ernie BeekCommented:
In asdm, monitoring->logging->real-time log viewer you can set the logging level. Try putting it to notifications. Then wait till a hang occurs.
0
 
Ernie BeekCommented:
From CLI?
logging console notifications
If you are connected to the console of course ;)
0
 
bominthuAuthor Commented:
"logging console notifications" is all information message
I need to log error or warning only.
Could you tell me which is exact command?

Rgds
0
 
bominthuAuthor Commented:
I'm setting up to forward error and warning logs to syslog server
0
 
Ernie BeekCommented:
That would be: logging console error or logging console warning ;)
There are 8 options for that: emergencies, alerts, critical, error, warnings, notifications, informational and debugging.
0
 
Ernie BeekCommented:
Ah, syslog.
That would be: logging trap warnings (or error)
0
 
rochey2009Commented:
Hi,

Which software version are you running on your ASA?
0
 
bominthuAuthor Commented:
Rochey,

how to check from CLI ?

Rgds
0
 
rochey2009Commented:
show version
0
 
gavvingCommented:
Also what version of code are you running.  Some have bugs and may have issues.  Upgrade to 8.2.5 if possible.
0
 
bominthuAuthor Commented:
Hi Rochey,

ASA5100# show version

Cisco Adaptive Security Appliance Software Version 7.2(1)
Device Manager Version 5.2(2)
If I need to upgrade, how can I get new version of IOS ?
0
 
rochey2009Commented:
There is a cisco bug (CSCsm87892) which may cause transmitter hangs in the ethernet interface if there is a duplex mismatch.

Check that the ASA and the switchport that it's connected are either both set to auto negotiated or both set to the same speed and duplex.
0
 
Ernie BeekCommented:
For an upgrade you need a smartnet. If it is just to get the software, get the cheapest possible. You'll still be able to get the images then.
0
 
Feroz AhmedSenior Network EngineerCommented:
Hi,

You can try by replacing the Cat5 cable by just climping with a new RJ45 jack and check ,this is only because of RJ45 jack problem which is creating problem in connetivity there is no problem in ASA as you are able to connect to the same after sometime and the status is showing as dropped but connecting to the same after sometime,this is a hardware problem with the connectivity between peers in network as you are able to connect to the same after sometime delay,so there is no problem with asa configuration there could be problem with RJ45 jack connectivity or the Router,Switch or Hub.
0
 
QuestionManACommented:
What ultimately resolved the issue? We are currently experiencing the same issue on 8.2.2. Please help.
0
 
bominthuAuthor Commented:
not solved but so far no issue .........i have to wait until it hang.............
but i hope it never hang...:P
0
 
QuestionManACommented:
We experienced the same issue and it began without an obvious reason. I believe that our ISP changed something on the managed router.

I suspect / hope that the issue has been resolved on our end. We changed the duplex/speed from auto/auto to full/100 and that seems to have fixed it.

Perhaps that helps you too.
0

Featured Post

Shaping tomorrow’s technology leaders, today

The leading technology companies all recognize the growing need for gender diversity. Through its Women in IT scholarship program, WGU is working to reverse this trend by empowering more women to earn IT degrees and become tomorrow’s tech-industry leaders.  

  • 7
  • 6
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now