Solved

ASA dropping traffic

Posted on 2012-04-06
5
843 Views
Last Modified: 2012-08-13
I have a Cisco ASA.  it's been up and running for years.  all of a sudden we are havng problems.  

I've replaced the ASA, upgrade the OS and been on the phone with Cisco 10 times.  

I had our ISP's cable modem replaced and I replaced all of the cords.  

We have 2 ISP's.  Our backup ISP does not drop traffic at all.

Our main ISP will radomly drop traffic.  It drops traffic about every 15-20 minutes, sometimes sooner and sometimes it's longer.  

Doing a continuous ping to the ASA interface it will time out for about 15 seconds (5 pings time out) then it is back up again.  

I can't figure out what is wrong and neither can Cisco.  Is there a licensing issue?  Something on the firewall that's blocking the traffic after a threshold is met?
0
Comment
Question by:mschirad
5 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 37819732
I think you answered your own question.  One ISP link works fine, the other doesn't.  Has to be the ISP link. Any possibility the one you are having problems with is cable?  If so, you might want to try adjusting your mtu down a little.
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 37823960
You have been on phone with Cisco 10 times and still haven't slammed your ISP1 once?

Your ISP2 is working fine and ISP1 is dropping packets, what are you doing with Cisco TAC?

Pick up the phone and give your ISP1 some hard life. Your problem should be solved.

:)

Forget the ASA for the time being.

Grab a laptop, attach the laptop at the back of the isp1 modem and do the ping. If it still drops packet, you know whom to blame.

Best,
0
 

Accepted Solution

by:
mschirad earned 0 total points
ID: 37827393
The first thing I did was call ISP 1 before I even talked to Cisco.  I had them replace the cable modem right away.

I had Cisco send me a replacement ASA.  Problem solved.
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 37828205
Hi,

You can try configuring on your ASA with below command and check for ASA configuration :

ASA(Config)#debug icmp trace (it will give you details of traffic drop on every instance and why is it dropping.


Try command as below :

ASA(config)#sh asp drop.

there could be some hardware problem too,check your cable connection between ASA firewall and ISP try climping cable in correct sequence as these are 2 dissimilar devices the cable connectivity should be straight cabling.
0
 

Author Closing Comment

by:mschirad
ID: 37847947
The replacement was the fix.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco MRA Phones 4 64
cisco nexus experiance 2 57
Difference between Cisco Multichassis Etherchannel and VSL 6 58
Cisco UCM licensing - do the unregistered count? 2 47
When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now