Solved

Cisco ASA -- weird connection issue

Posted on 2016-10-24
6
93 Views
Last Modified: 2016-11-07
Hi There,

i've never seen this issue before so i'm running it through the experts while i'm waiting on cisco support to get back to me.

I recently configured a cisco asa 5516 with fire power. All security settings are disabled so the unit is simple working as a router\dhcp for the time being. We have cable modem as our ISP with a block of 5 ip.

We've been experiencing packets drops out to the web on and off throughout the day. To prove my point that it was ISP isues i setup a computer connecting directly to the modem, i ran continous pings to an internt host the connection showed to be spotty. The ISP came over, ran their tests, etc. When they disconnect the firewall from the modem everything worked, meaning the computer with the public IP did not drop any packets or had issues, as soon as the firewall was connected back to the modem the compuer with the public IP started having issues. Since it didn't make any sense to me i changed cables, used the same ports of the  modem we used for successful tests, i had them change the modem just in case, i hard coded the interface speed on the FW end to no avail.

Honestly i don't even know what to make of it but if any one has seen anything like this before and wants to share some thoughts i'm open to suggestions.

thanks.
0
Comment
Question by:jorge diaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 4

Expert Comment

by:El Fierro
ID: 41857740
what ios version are you at?
0
 
LVL 16

Expert Comment

by:max_the_king
ID: 41858190
Hi
You need To be sure that there is no Nat on ISP router.
Also you need to be sure that the public and private firewall ip are not used into your environment.
It sounds trivial but i bet that the problem may be there.
Hope this helps
Max
0
 
LVL 6

Author Comment

by:jorge diaz
ID: 41859331
this is very odd. it seems as if something chokes the connection at times, I"m running ASA ver. 9.5(1).  No nat on ISP device, it just a modem. the issue is on and off. Had cisco run a few test and they point to ISP, had ISP run a few test and they point to Cisco. The truth is that if cisco is out of the loop the circuit seems to work just fine. I"m setting up a spare sonicwall tonight and route through it, that'll be the ultimate test. i'll you keep you posted.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 16

Assisted Solution

by:max_the_king
max_the_king earned 250 total points
ID: 41859385
i'd try and change Asa public IP.
And then i'd give a check on Nat.
problem is around there anyway
max
0
 
LVL 4

Accepted Solution

by:
El Fierro earned 250 total points
ID: 41859409
been there with the finger pointing by the isp and hardware vendor.
have you checked the inspection policy?
as far as the asa i would upgrade to 9.6,  i recently deployed a 5512x running 9.5 although we didnt have drops for some odd reason it would perform sluggish at times when natting a couple of ips.after the updgrade to 9.6 the performance issue was fixed...it's worth a shot since i was stumped for a moment. good luck
0
 
LVL 6

Author Closing Comment

by:jorge diaz
ID: 41877722
thanks for your help. i upgraded to 9.6 and it all seems to be working now. that was weird, never seen anything like that on the asa.

thanks.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question