Solved

ASA dropping traffic

Posted on 2012-04-06
5
841 Views
Last Modified: 2012-08-13
I have a Cisco ASA.  it's been up and running for years.  all of a sudden we are havng problems.  

I've replaced the ASA, upgrade the OS and been on the phone with Cisco 10 times.  

I had our ISP's cable modem replaced and I replaced all of the cords.  

We have 2 ISP's.  Our backup ISP does not drop traffic at all.

Our main ISP will radomly drop traffic.  It drops traffic about every 15-20 minutes, sometimes sooner and sometimes it's longer.  

Doing a continuous ping to the ASA interface it will time out for about 15 seconds (5 pings time out) then it is back up again.  

I can't figure out what is wrong and neither can Cisco.  Is there a licensing issue?  Something on the firewall that's blocking the traffic after a threshold is met?
0
Comment
Question by:mschirad
5 Comments
 
LVL 22

Expert Comment

by:rickhobbs
Comment Utility
I think you answered your own question.  One ISP link works fine, the other doesn't.  Has to be the ISP link. Any possibility the one you are having problems with is cable?  If so, you might want to try adjusting your mtu down a little.
0
 
LVL 17

Expert Comment

by:surbabu140977
Comment Utility
You have been on phone with Cisco 10 times and still haven't slammed your ISP1 once?

Your ISP2 is working fine and ISP1 is dropping packets, what are you doing with Cisco TAC?

Pick up the phone and give your ISP1 some hard life. Your problem should be solved.

:)

Forget the ASA for the time being.

Grab a laptop, attach the laptop at the back of the isp1 modem and do the ping. If it still drops packet, you know whom to blame.

Best,
0
 

Accepted Solution

by:
mschirad earned 0 total points
Comment Utility
The first thing I did was call ISP 1 before I even talked to Cisco.  I had them replace the cable modem right away.

I had Cisco send me a replacement ASA.  Problem solved.
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
Comment Utility
Hi,

You can try configuring on your ASA with below command and check for ASA configuration :

ASA(Config)#debug icmp trace (it will give you details of traffic drop on every instance and why is it dropping.


Try command as below :

ASA(config)#sh asp drop.

there could be some hardware problem too,check your cable connection between ASA firewall and ISP try climping cable in correct sequence as these are 2 dissimilar devices the cable connectivity should be straight cabling.
0
 

Author Closing Comment

by:mschirad
Comment Utility
The replacement was the fix.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now