CISCO ASA 5505 - strange behavior (Inside Interface down)

Hi there.
I got a used CISCO ASA 5505 and trying to set it up.
I did following:  

1. Update images to:
   - ASA Version: 9.2(2)  
   - ASDM Version: 7.2(2)
2. Factory reset
3. Configure Firewall using the wizard with external Static external IP and internal
4. Setup AnyConnect VPN with SSL using vizard
5. Allow ping from inside to the Internet (It didn't work by default)
6. setup RDP to one Windows machine inside
7. Fix AnyConnect by some configuration change (it didn't allow either Internet access or access to any object inside)
8. Allow ASDM remote connection.

My test environments:
Just one Windows PC directly connected to ASA Eth-1 with static IP address:    

Everything works for a while. From inside I can access Internet, from outside I can RDP and Anyconnect. But after a while (1 hour or so)  ASA strangely changing the IP address of the PC to and I can not access Internet from inside anymore. If I restart the ASA the PC IP get back to and everything starts working again.

From Internet I can still access the ASA remotely using ASDM and I can see following Logs:
%ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down
%ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

I already change the connection of PC to ASA to Eth-5, still same problem(Just the error log change to Ethernet0/5.

What do you think could be the problem? How even the ASA can effect the Static IP address of the PC?  
I included the ASA configuration file also the PC IPConfig when it works and when it doesn't (Bad) .

Thank you in advanced
Who is Participating?
Muhannad AbushammaCommented:
Dear exasasn,

Try to disable the proxy arp in the inside interface of the ASA and test again.

Feroz AhmedSenior Network EngineerCommented:

I think you have 2 Lan Cards installed on your PC One is connected to ASA and assigned Static IP and another one is Lan card is assigned IP address IP address.Could you plz disable the Lan card which is not being used to overcome this issue and check.If not plz send me log file of (Debug ICMP Trace) on ASA firewall from Inside PC try to ping outside network or Internet and check for trace file and send me the log file.
exsasanAuthor Commented:
Thanks Feroz for comment.
For test I disconnected the PC and added two laptop to inside network, both just have one Lan and any other network adapter including  the wifi is disabled, after about an hour the first one Ip address changed and stopped working and other one stopped after about 2 hours.

Based on my finding so far, something on ASA tell the PC that it has a duplicate IP address and the windows Autoconfiguration give it a 169. range Ip address to avoid the duplicate (Please have a look at the  ipconfig-bad.txt ) , lots of people have this issue and fixed it by disabling the Windows Autoconfiguration but in my case I have to know why/what on ASA trigger this behavior otherwise I can not us this ASA in production.
I don't have access to network right now I try to generate the logs that you asked on Monday.
exsasanAuthor Commented:
It seems it is a common issue on Windows that if the Autoconfiguration is on (That is on by default) and the computer has an static IP address (Like mine) and windows feel that IP is duplicated (Although its not) it automatically generate an IP address.
Lots of people fix this by turning off Windows Autoconfiguration.
In my case the reason for windows to feel like that was proxy-arp on ASA and by turning that off the problem solved.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.