Solved

ASA dropping traffic

Posted on 2012-04-06
5
859 Views
Last Modified: 2012-08-13
I have a Cisco ASA.  it's been up and running for years.  all of a sudden we are havng problems.  

I've replaced the ASA, upgrade the OS and been on the phone with Cisco 10 times.  

I had our ISP's cable modem replaced and I replaced all of the cords.  

We have 2 ISP's.  Our backup ISP does not drop traffic at all.

Our main ISP will radomly drop traffic.  It drops traffic about every 15-20 minutes, sometimes sooner and sometimes it's longer.  

Doing a continuous ping to the ASA interface it will time out for about 15 seconds (5 pings time out) then it is back up again.  

I can't figure out what is wrong and neither can Cisco.  Is there a licensing issue?  Something on the firewall that's blocking the traffic after a threshold is met?
0
Comment
Question by:mschirad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 37819732
I think you answered your own question.  One ISP link works fine, the other doesn't.  Has to be the ISP link. Any possibility the one you are having problems with is cable?  If so, you might want to try adjusting your mtu down a little.
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 37823960
You have been on phone with Cisco 10 times and still haven't slammed your ISP1 once?

Your ISP2 is working fine and ISP1 is dropping packets, what are you doing with Cisco TAC?

Pick up the phone and give your ISP1 some hard life. Your problem should be solved.

:)

Forget the ASA for the time being.

Grab a laptop, attach the laptop at the back of the isp1 modem and do the ping. If it still drops packet, you know whom to blame.

Best,
0
 

Accepted Solution

by:
mschirad earned 0 total points
ID: 37827393
The first thing I did was call ISP 1 before I even talked to Cisco.  I had them replace the cable modem right away.

I had Cisco send me a replacement ASA.  Problem solved.
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 37828205
Hi,

You can try configuring on your ASA with below command and check for ASA configuration :

ASA(Config)#debug icmp trace (it will give you details of traffic drop on every instance and why is it dropping.


Try command as below :

ASA(config)#sh asp drop.

there could be some hardware problem too,check your cable connection between ASA firewall and ISP try climping cable in correct sequence as these are 2 dissimilar devices the cable connectivity should be straight cabling.
0
 

Author Closing Comment

by:mschirad
ID: 37847947
The replacement was the fix.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question