ASA dropping traffic

I have a Cisco ASA.  it's been up and running for years.  all of a sudden we are havng problems.  

I've replaced the ASA, upgrade the OS and been on the phone with Cisco 10 times.  

I had our ISP's cable modem replaced and I replaced all of the cords.  

We have 2 ISP's.  Our backup ISP does not drop traffic at all.

Our main ISP will radomly drop traffic.  It drops traffic about every 15-20 minutes, sometimes sooner and sometimes it's longer.  

Doing a continuous ping to the ASA interface it will time out for about 15 seconds (5 pings time out) then it is back up again.  

I can't figure out what is wrong and neither can Cisco.  Is there a licensing issue?  Something on the firewall that's blocking the traffic after a threshold is met?
mschiradAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick HobbsRETIREDCommented:
I think you answered your own question.  One ISP link works fine, the other doesn't.  Has to be the ISP link. Any possibility the one you are having problems with is cable?  If so, you might want to try adjusting your mtu down a little.
0
surbabu140977Commented:
You have been on phone with Cisco 10 times and still haven't slammed your ISP1 once?

Your ISP2 is working fine and ISP1 is dropping packets, what are you doing with Cisco TAC?

Pick up the phone and give your ISP1 some hard life. Your problem should be solved.

:)

Forget the ASA for the time being.

Grab a laptop, attach the laptop at the back of the isp1 modem and do the ping. If it still drops packet, you know whom to blame.

Best,
0
mschiradAuthor Commented:
The first thing I did was call ISP 1 before I even talked to Cisco.  I had them replace the cable modem right away.

I had Cisco send me a replacement ASA.  Problem solved.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Feroz AhmedSenior Network Security  / Senior System EngineerCommented:
Hi,

You can try configuring on your ASA with below command and check for ASA configuration :

ASA(Config)#debug icmp trace (it will give you details of traffic drop on every instance and why is it dropping.


Try command as below :

ASA(config)#sh asp drop.

there could be some hardware problem too,check your cable connection between ASA firewall and ISP try climping cable in correct sequence as these are 2 dissimilar devices the cable connectivity should be straight cabling.
0
mschiradAuthor Commented:
The replacement was the fix.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.