Re: ASA problem

what if you hard code default gateway?

route outside 0.0.0.0 0.0.0.0 isp

On Wed, Sep 26, 2012 at 1:27 PM, Tony Singh <mothafungla_at_gmail.com> wrote:

> Good Evening List,
>
> I have an issue with my ASA 5505 recently seems to be locking up and
> end-result is no default gateway access to my isp router and bump no
> internet!
>
> Its running Version 8.4(1) & is a base license...
>
> Now some t-shooting has got me no where, no top cpu-usage processes, enough
> free memory , asdm logs when it goes down nothing unusual but the usual pat
> translations with tcp flags i.e syn timeout etc etc..
>
> translations showed...
>
> *ciscoasa# show xlate count *
> 323 in use, 583 most used
>
> tried clearing this - no good still could not ping my default gateway.....
>
> an arp showed that I could see the default gateway address
> (although admittedly did not try clearing this to see if it did the arp
> translation again)
>
> input packets from isp were stuck here, but might be down to above...
>
>
> ciscoasa(config-if)# sh int Vlan2
> Interface Vlan2 "outside", is up, line protocol is up
> Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
> MAC address 001e.4a87.44ab, MTU 1500
> IP address x.x.x.x, subnet mask 255.255.254.0
> Traffic Statistics for "outside":
> *9747366 packets input*, 1919996429 bytes
> 14907915 packets output, 13057288639 bytes
> 760415 packets dropped
> 1 minute input rate 0 pkts/sec, 0 bytes/sec
> 1 minute output rate 8 pkts/sec, 464 bytes/sec
> 1 minute drop rate, 0 pkts/sec
> 5 minute input rate 0 pkts/sec, 2 bytes/sec
> 5 minute output rate 22 pkts/sec, 1297 bytes/sec
> 5 minute drop rate, 0 pkts/sec
>
> ciscoasa(config-if)# sh int Vlan2
> Interface Vlan2 "outside", is up, line protocol is up
> Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
> MAC address 001e.4a87.44ab, MTU 1500
> IP address x.x.x.x, subnet mask 255.255.254.0
> Traffic Statistics for "outside":
> *9747366 packets input*, 1919996429 bytes
> 14907919 packets output, 13057288877 bytes
> 760415 packets dropped
> 1 minute input rate 0 pkts/sec, 0 bytes/sec
> 1 minute output rate 8 pkts/sec, 464 bytes/sec
> 1 minute drop rate, 0 pkts/sec
> 5 minute input rate 0 pkts/sec, 2 bytes/sec
> 5 minute output rate 22 pkts/sec, 1297 bytes/sec
> 5 minute drop rate, 0 pkts/sec
>
>
> ciscoasa(config-if)# sh int Vlan2
> Interface Vlan2 "outside", is up, line protocol is up
> Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
> MAC address 001e.4a87.44ab, MTU 1500
> IP address x.x.x.x, subnet mask 255.255.254.0
> Traffic Statistics for "outside":
> *9747366 packets input*, 1919996429 bytes
> 14907920 packets output, 13057288946 bytes
> 760415 packets dropped
> 1 minute input rate 0 pkts/sec, 0 bytes/sec
> 1 minute output rate 8 pkts/sec, 464 bytes/sec
> 1 minute drop rate, 0 pkts/sec
> 5 minute input rate 0 pkts/sec, 2 bytes/sec
> 5 minute output rate 22 pkts/sec, 1297 bytes/sec
> 5 minute drop rate, 0 pkts/sec
>
>
>
> config on the outside interface is
>
> interface Vlan2 (eth0/0)
> nameif outside
> security-level 0
> ip address dhcp setroute
>
>
> my outside interface picks up or still has the dhcpd binding from the isp
> and the outside svi vlan 2 pings from the asa ok...
>
> been getting tired of reloading recently, so decided to shut the vlan 2 svi
> down and take the dhcp config off & re-applied this and it seemed to let me
> ping the default gateway again...
>
> google dns 8.8.8.8 pings ok now, but xlates were showing 0 when attempting
> to connect from various devices and in the end had to reload the asa again.
>
> apologies for this long mail, any suggestions on what im doing wrong
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
*Virtualization.net*
*Post Jobs, News, Forums, Tutorials*
http://www.virtualization.net
Blogs and organic groups at http://www.ccie.net