?
Solved

ASA dropping traffic

Posted on 2012-04-06
5
Medium Priority
?
875 Views
Last Modified: 2012-08-13
I have a Cisco ASA.  it's been up and running for years.  all of a sudden we are havng problems.  

I've replaced the ASA, upgrade the OS and been on the phone with Cisco 10 times.  

I had our ISP's cable modem replaced and I replaced all of the cords.  

We have 2 ISP's.  Our backup ISP does not drop traffic at all.

Our main ISP will radomly drop traffic.  It drops traffic about every 15-20 minutes, sometimes sooner and sometimes it's longer.  

Doing a continuous ping to the ASA interface it will time out for about 15 seconds (5 pings time out) then it is back up again.  

I can't figure out what is wrong and neither can Cisco.  Is there a licensing issue?  Something on the firewall that's blocking the traffic after a threshold is met?
0
Comment
Question by:mschirad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 37819732
I think you answered your own question.  One ISP link works fine, the other doesn't.  Has to be the ISP link. Any possibility the one you are having problems with is cable?  If so, you might want to try adjusting your mtu down a little.
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 37823960
You have been on phone with Cisco 10 times and still haven't slammed your ISP1 once?

Your ISP2 is working fine and ISP1 is dropping packets, what are you doing with Cisco TAC?

Pick up the phone and give your ISP1 some hard life. Your problem should be solved.

:)

Forget the ASA for the time being.

Grab a laptop, attach the laptop at the back of the isp1 modem and do the ping. If it still drops packet, you know whom to blame.

Best,
0
 

Accepted Solution

by:
mschirad earned 0 total points
ID: 37827393
The first thing I did was call ISP 1 before I even talked to Cisco.  I had them replace the cable modem right away.

I had Cisco send me a replacement ASA.  Problem solved.
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 37828205
Hi,

You can try configuring on your ASA with below command and check for ASA configuration :

ASA(Config)#debug icmp trace (it will give you details of traffic drop on every instance and why is it dropping.


Try command as below :

ASA(config)#sh asp drop.

there could be some hardware problem too,check your cable connection between ASA firewall and ISP try climping cable in correct sequence as these are 2 dissimilar devices the cable connectivity should be straight cabling.
0
 

Author Closing Comment

by:mschirad
ID: 37847947
The replacement was the fix.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question