michaelgoldsmith



Spotty Internet - ASA5505

Experts - I have a Cisco ASA 5505 at a small office. The internet has been spotty at best for a few weeks. We have had the ISP remotely test the connection and even had a tech onsite. They claim the signal is good and the ASA is the issue. Are there any tests I can run in ASDM to prove/disprove that the ASA is malfunctioning?
If your configuration hasn't changed, have you scanned the workstations on the network for adware / spyware / trojans and viruses? Is the network peer-to-peer or do you have a server providing DNS? If you have a server, are you using forwarders or root hints? The only way to test the 5505 is there should be trace route and ping utilities that you can run when the internet is down from the clients to see if the 5505 has also lost 'internet'. Is the 5505 getting a dynamic IP from the ISP or is it static? Some ISPs use MAC address registration. Have to assume that the ISP has confirmed all of their hardware configuration and not just signal strength.
To answer your q's. The network is a simple workgroup with all PCs having static IPs - so DNS is handled by individual workstations. The 5505 also has a static IP with a static route set to the internet. ISP has "confirmed" (used loosely) their hardware is functioning.
I have been monitoring the ASA for a while today and keep seeing the same "deny inbound icmp src outside:" from the following 4 IP addresses.

Not sure what this means, but it's always these 4 IPs.
When you say internet is spotty, do you mean it is slow or you lose connectivity for an extended period of time?

Have you pinged the default gateway from the ASA with a repeat of 5000? Are there any drops? If you ping with a repeat of 5000, do you see any drops?

What ASA version are you running?

Have you checked the CPU usage?

Do you have any inspection policies configured (other than the default one)?

We lose internet for short bursts of time. A few seconds to a few minutes.

Yes. I can get a solid ping going to the LAN side of the ASA from inside the network. At the same time I can ping the WAN side of the ASA from outside the network. What I see is the outside dropping packets while the inside stays up.

CPU usage is fine

No other inspection policies.
Marius Gunnerud
