Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco ASA -- weird connection issue

Posted on 2016-10-24
6
Medium Priority
?
99 Views
Last Modified: 2016-11-07
Hi There,

i've never seen this issue before so i'm running it through the experts while i'm waiting on cisco support to get back to me.

I recently configured a cisco asa 5516 with fire power. All security settings are disabled so the unit is simple working as a router\dhcp for the time being. We have cable modem as our ISP with a block of 5 ip.

We've been experiencing packets drops out to the web on and off throughout the day. To prove my point that it was ISP isues i setup a computer connecting directly to the modem, i ran continous pings to an internt host the connection showed to be spotty. The ISP came over, ran their tests, etc. When they disconnect the firewall from the modem everything worked, meaning the computer with the public IP did not drop any packets or had issues, as soon as the firewall was connected back to the modem the compuer with the public IP started having issues. Since it didn't make any sense to me i changed cables, used the same ports of the  modem we used for successful tests, i had them change the modem just in case, i hard coded the interface speed on the FW end to no avail.

Honestly i don't even know what to make of it but if any one has seen anything like this before and wants to share some thoughts i'm open to suggestions.

thanks.
0
Comment
Question by:jorge diaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 4

Expert Comment

by:El Fierro
ID: 41857740
what ios version are you at?
0
 
LVL 17

Expert Comment

by:max_the_king
ID: 41858190
Hi
You need To be sure that there is no Nat on ISP router.
Also you need to be sure that the public and private firewall ip are not used into your environment.
It sounds trivial but i bet that the problem may be there.
Hope this helps
Max
0
 
LVL 7

Author Comment

by:jorge diaz
ID: 41859331
this is very odd. it seems as if something chokes the connection at times, I"m running ASA ver. 9.5(1).  No nat on ISP device, it just a modem. the issue is on and off. Had cisco run a few test and they point to ISP, had ISP run a few test and they point to Cisco. The truth is that if cisco is out of the loop the circuit seems to work just fine. I"m setting up a spare sonicwall tonight and route through it, that'll be the ultimate test. i'll you keep you posted.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 17

Assisted Solution

by:max_the_king
max_the_king earned 1000 total points
ID: 41859385
i'd try and change Asa public IP.
And then i'd give a check on Nat.
problem is around there anyway
max
0
 
LVL 4

Accepted Solution

by:
El Fierro earned 1000 total points
ID: 41859409
been there with the finger pointing by the isp and hardware vendor.
have you checked the inspection policy?
as far as the asa i would upgrade to 9.6,  i recently deployed a 5512x running 9.5 although we didnt have drops for some odd reason it would perform sluggish at times when natting a couple of ips.after the updgrade to 9.6 the performance issue was fixed...it's worth a shot since i was stumped for a moment. good luck
0
 
LVL 7

Author Closing Comment

by:jorge diaz
ID: 41877722
thanks for your help. i upgraded to 9.6 and it all seems to be working now. that was weird, never seen anything like that on the asa.

thanks.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question