Solved

CISCO ASA 5505 - strange behavior (Inside Interface down)

Posted on 2016-09-09
4
49 Views
Last Modified: 2016-09-27
Hi there.
I got a used CISCO ASA 5505 and trying to set it up.
I did following:  

1. Update images to:
   - ASA Version: 9.2(2)  
   - ASDM Version: 7.2(2)
2. Factory reset
3. Configure Firewall using the wizard with external Static external IP and internal 172.22.0.0
4. Setup AnyConnect VPN with SSL using vizard
5. Allow ping from inside to the Internet (It didn't work by default)
6. setup RDP to one Windows machine inside
7. Fix AnyConnect by some configuration change (it didn't allow either Internet access or access to any object inside)
8. Allow ASDM remote connection.

My test environments:
Just one Windows PC directly connected to ASA Eth-1 with static IP address: 172.22.0.2    

Test:
Everything works for a while. From inside I can access Internet, from outside I can RDP and Anyconnect. But after a while (1 hour or so)  ASA strangely changing the IP address of the PC to 169.254.38.100 and I can not access Internet from inside anymore. If I restart the ASA the PC IP get back to 172.22.0.2 and everything starts working again.

From Internet I can still access the ASA remotely using ASDM and I can see following Logs:
%ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down
%ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

I already change the connection of PC to ASA to Eth-5, still same problem(Just the error log change to Ethernet0/5.

What do you think could be the problem? How even the ASA can effect the Static IP address of the PC?  
I included the ASA configuration file also the PC IPConfig when it works and when it doesn't (Bad) .

Thank you in advanced
Current-Config---Clean.txt
ipconfig-works.txt
ipconfig-bad.txt
0
Comment
Question by:exsasan
  • 2
4 Comments
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 41792270
Hi,

I think you have 2 Lan Cards installed on your PC One is connected to ASA and assigned Static IP and another one is Lan card is assigned IP address 169.254.38.100 IP address.Could you plz disable the Lan card which is not being used to overcome this issue and check.If not plz send me log file of (Debug ICMP Trace) on ASA firewall from Inside PC try to ping outside network or Internet and check for trace file and send me the log file.
0
 

Author Comment

by:exsasan
ID: 41793171
Thanks Feroz for comment.
For test I disconnected the PC and added two laptop to inside network, both just have one Lan and any other network adapter including  the wifi is disabled, after about an hour the first one Ip address changed and stopped working and other one stopped after about 2 hours.

Based on my finding so far, something on ASA tell the PC that it has a duplicate IP address and the windows Autoconfiguration give it a 169. range Ip address to avoid the duplicate (Please have a look at the  ipconfig-bad.txt ) , lots of people have this issue and fixed it by disabling the Windows Autoconfiguration but in my case I have to know why/what on ASA trigger this behavior otherwise I can not us this ASA in production.
I don't have access to network right now I try to generate the logs that you asked on Monday.
Thanks
0
 
LVL 1

Accepted Solution

by:
Muhannad Abushamma earned 500 total points
ID: 41803108
Dear exasasn,

Try to disable the proxy arp in the inside interface of the ASA and test again.

Regards,
Muhannad
1
 

Author Closing Comment

by:exsasan
ID: 41818945
It seems it is a common issue on Windows that if the Autoconfiguration is on (That is on by default) and the computer has an static IP address (Like mine) and windows feel that IP is duplicated (Although its not) it automatically generate an IP address.
Lots of people fix this by turning off Windows Autoconfiguration.
In my case the reason for windows to feel like that was proxy-arp on ASA and by turning that off the problem solved.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now