ASA problem

Good Evening List,

I have an issue with my ASA 5505 recently seems to be locking up and
end-result is no default gateway access to my isp router and bump no
internet!

Its running Version 8.4(1) & is a base license...

Now some t-shooting has got me no where, no top cpu-usage processes, enough
free memory , asdm logs when it goes down nothing unusual but the usual pat
translations with tcp flags i.e syn timeout etc etc..

translations showed...

*ciscoasa# show xlate count *
323 in use, 583 most used

tried clearing this - no good still could not ping my default gateway.....

an arp showed that I could see the default gateway address
(although admittedly did not try clearing this to see if it did the arp
translation again)

input packets from isp were stuck here, but might be down to above...

ciscoasa(config-if)# sh int Vlan2
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 001e.4a87.44ab, MTU 1500
        IP address x.x.x.x, subnet mask 255.255.254.0
  Traffic Statistics for "outside":
        *9747366 packets input*, 1919996429 bytes
        14907915 packets output, 13057288639 bytes
        760415 packets dropped
      1 minute input rate 0 pkts/sec, 0 bytes/sec
      1 minute output rate 8 pkts/sec, 464 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 2 bytes/sec
      5 minute output rate 22 pkts/sec, 1297 bytes/sec
      5 minute drop rate, 0 pkts/sec

ciscoasa(config-if)# sh int Vlan2
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 001e.4a87.44ab, MTU 1500
        IP address x.x.x.x, subnet mask 255.255.254.0
  Traffic Statistics for "outside":
        *9747366 packets input*, 1919996429 bytes
        14907919 packets output, 13057288877 bytes
        760415 packets dropped
      1 minute input rate 0 pkts/sec, 0 bytes/sec
      1 minute output rate 8 pkts/sec, 464 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 2 bytes/sec
      5 minute output rate 22 pkts/sec, 1297 bytes/sec
      5 minute drop rate, 0 pkts/sec

ciscoasa(config-if)# sh int Vlan2
Interface Vlan2 "outside", is up, line protocol is up
  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
        MAC address 001e.4a87.44ab, MTU 1500
        IP address x.x.x.x, subnet mask 255.255.254.0
  Traffic Statistics for "outside":
        *9747366 packets input*, 1919996429 bytes
        14907920 packets output, 13057288946 bytes
        760415 packets dropped
      1 minute input rate 0 pkts/sec, 0 bytes/sec
      1 minute output rate 8 pkts/sec, 464 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 2 bytes/sec
      5 minute output rate 22 pkts/sec, 1297 bytes/sec
      5 minute drop rate, 0 pkts/sec

config on the outside interface is

interface Vlan2 (eth0/0)
 nameif outside
 security-level 0
 ip address dhcp setroute

my outside interface picks up or still has the dhcpd binding from the isp
and the outside svi vlan 2 pings from the asa ok...

been getting tired of reloading recently, so decided to shut the vlan 2 svi
down and take the dhcp config off & re-applied this and it seemed to let me
ping the default gateway again...

google dns 8.8.8.8 pings ok now, but xlates were showing 0 when attempting
to connect from various devices and in the end had to reload the asa again.

apologies for this long mail, any suggestions on what im doing wrong

Blogs and organic groups at http://www.ccie.net
Received on Wed Sep 26 2012 - 18:27:37 ART