Solved

Cisco ASA -- weird connection issue

Posted on 2016-10-24
6
91 Views
Last Modified: 2016-11-07
Hi There,

i've never seen this issue before so i'm running it through the experts while i'm waiting on cisco support to get back to me.

I recently configured a cisco asa 5516 with fire power. All security settings are disabled so the unit is simple working as a router\dhcp for the time being. We have cable modem as our ISP with a block of 5 ip.

We've been experiencing packets drops out to the web on and off throughout the day. To prove my point that it was ISP isues i setup a computer connecting directly to the modem, i ran continous pings to an internt host the connection showed to be spotty. The ISP came over, ran their tests, etc. When they disconnect the firewall from the modem everything worked, meaning the computer with the public IP did not drop any packets or had issues, as soon as the firewall was connected back to the modem the compuer with the public IP started having issues. Since it didn't make any sense to me i changed cables, used the same ports of the  modem we used for successful tests, i had them change the modem just in case, i hard coded the interface speed on the FW end to no avail.

Honestly i don't even know what to make of it but if any one has seen anything like this before and wants to share some thoughts i'm open to suggestions.

thanks.
0
Comment
Question by:jorge diaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 4

Expert Comment

by:El Fierro
ID: 41857740
what ios version are you at?
0
 
LVL 16

Expert Comment

by:max_the_king
ID: 41858190
Hi
You need To be sure that there is no Nat on ISP router.
Also you need to be sure that the public and private firewall ip are not used into your environment.
It sounds trivial but i bet that the problem may be there.
Hope this helps
Max
0
 
LVL 6

Author Comment

by:jorge diaz
ID: 41859331
this is very odd. it seems as if something chokes the connection at times, I"m running ASA ver. 9.5(1).  No nat on ISP device, it just a modem. the issue is on and off. Had cisco run a few test and they point to ISP, had ISP run a few test and they point to Cisco. The truth is that if cisco is out of the loop the circuit seems to work just fine. I"m setting up a spare sonicwall tonight and route through it, that'll be the ultimate test. i'll you keep you posted.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 16

Assisted Solution

by:max_the_king
max_the_king earned 250 total points
ID: 41859385
i'd try and change Asa public IP.
And then i'd give a check on Nat.
problem is around there anyway
max
0
 
LVL 4

Accepted Solution

by:
El Fierro earned 250 total points
ID: 41859409
been there with the finger pointing by the isp and hardware vendor.
have you checked the inspection policy?
as far as the asa i would upgrade to 9.6,  i recently deployed a 5512x running 9.5 although we didnt have drops for some odd reason it would perform sluggish at times when natting a couple of ips.after the updgrade to 9.6 the performance issue was fixed...it's worth a shot since i was stumped for a moment. good luck
0
 
LVL 6

Author Closing Comment

by:jorge diaz
ID: 41877722
thanks for your help. i upgraded to 9.6 and it all seems to be working now. that was weird, never seen anything like that on the asa.

thanks.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question