Hey guys,
I have a Cisco ASA 5505 here connected to a 5510 VPN. All has been running well for quite some time (2 yrs) with no issues. Recently, for the last 3 days, I've been getting disconnects. The local LAN is fine, all internal traffic looks good, and the ISP modem is good, since I have a separate device plugged into it and it never drops.
- For the past few days, after doing a couple of hard boots, it will work for a bit (the time is inconsistent, sometimes 15 mins, sometimes an hr).
- I can clear conn, clear xlate and clear arp to make sure nothing is bound there. Sometimes it helps after I clear then reload, sometimes it doesn't help at all.
- I've changed the external IP, and it seems to help for a little bit. Then the same thing starts again.
One thing I am noticing when clearing the connections: when the LAN cannot connect to the internet, it seems there is an abnormal amount of outside DNS requests going to the internal IPs, and many times each PC has multiple simultaneous requests, like 10 - 15 per PC, so my "sh conn" jumps from 15 to easily over 100. I only have 15 devices at the site, maybe 20 with phones connecting to wifi.
I'm not sure if this is a DNS DoS attack from someone inside or outside?
I have tried changing the DNS servers and get the same result. I'm at the point now where I have all devices turned off or disconnected from the network and can't seem to get the ASA internet back up this time at all.
Any and all help would be appreciated.
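
An added example, not part of the original post: one way to turn the "sh conn" observation above into per-host numbers is to tally port-53 connections per inside address from saved output. The line layout, the interface name `inside`, the threshold of 10 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed `show conn` line layout (constructed, not taken from the post):
#   UDP outside 198.51.100.53:53 inside 192.168.1.10:50000, idle 0:00:01, bytes 45, flags -
CONN_RE = re.compile(
    r"^(?:TCP|UDP)\s+(?P<if1>\S+)\s+(?P<ip1>[\d.]+):(?P<port1>\d+)\s+"
    r"(?P<if2>\S+)\s+(?P<ip2>[\d.]+):(?P<port2>\d+),"
)

def dns_conns_per_host(show_conn_text, inside_if="inside"):
    """Return (total connections, Counter of inside host -> port-53 connections)."""
    total = 0
    per_host = Counter()
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # summary line ("15 in use, ...") or unrecognised layout
        total += 1
        ends = [(m["if1"], m["ip1"], m["port1"]), (m["if2"], m["ip2"], m["port2"])]
        local = [e for e in ends if e[0] == inside_if]
        remote = [e for e in ends if e[0] != inside_if]
        # Count only flows whose far end is port 53 (DNS)
        if local and remote and remote[0][2] == "53":
            per_host[local[0][1]] += 1
    return total, per_host

def noisy_hosts(per_host, threshold=10):
    """Inside hosts holding at least `threshold` simultaneous DNS connections."""
    return sorted(h for h, n in per_host.items() if n >= threshold)

def _dns_line(host, sport):
    return (f"UDP outside 198.51.100.53:53 inside {host}:{sport}, "
            "idle 0:00:01, bytes 45, flags -")

# Constructed sample: one host with 12 DNS flows, one with 2, one HTTPS flow.
SAMPLE = "\n".join(
    ["15 in use, 112 most used"]
    + [_dns_line("192.168.1.10", 50000 + i) for i in range(12)]
    + [_dns_line("192.168.1.11", 51000 + i) for i in range(2)]
    + ["TCP outside 203.0.113.20:443 inside 192.168.1.12:52000, "
       "idle 0:00:03, bytes 9120, flags UIO"]
)

if __name__ == "__main__":
    total, per_host = dns_conns_per_host(SAMPLE)
    print(f"{total} connections parsed")
    for host, count in per_host.most_common():
        print(f"{host}: {count} DNS connections")
    print("over threshold:", noisy_hosts(per_host))
```

Comparing the tally from a capture taken while the link is healthy against one taken during a drop shows whether the extra connections come from a few hosts or from all of them.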