Re: ASA problem

From: Tony Singh <mothafungla_at_gmail.com>
Date: Wed, 26 Sep 2012 22:05:11 +0100

Hi Joseph

The consequence of the bad dns was after I forced the dhcp to send a client request to the gateway for the server to send me dhcp lease details again....only then I got ip reachability to the gateway address but after with a resolution problem, need to understand what causes the lockup though...

On auto nat have some untranslated hits from other inside traffic that I need to figure out..

ciscoasa# show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static any any destination static NETWORK_OBJ_192.168.2.0_28 NETWORK_OBJ_192.168.2.0_28
    translate_hits = 4, untranslate_hits = 0

Auto NAT Policies (Section 2)
1 (inside) to (outside) source dynamic obj_any interface
    translate_hits = 127900, untranslate_hits = 24979

Manual NAT Policies (Section 3)
1 (outside) to (outside) source dynamic SSLVPN_ON_A_STICK_1.1.1.0_29 interface
    translate_hits = 0, untranslate_hits = 0

--
BR
Tony 
Sent from my iPhone on 3
On 26 Sep 2012, at 21:42, "Joseph L. Brunner" <joe_at_affirmedsystems.com> wrote:
> Let's see your nat config...
> 
> It's complex and goofy now...
> 
> The only other thing I can think of is like you said bad dns info.
> 
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Tony Singh
> Sent: Wednesday, September 26, 2012 1:28 PM
> To: Cisco certification
> Subject: ASA problem
> 
> Good Evening List,
> 
> I have an issue with my ASA 5505 recently seems to be locking up and end-result is no default gateway access to my isp router and bump no internet!
> 
> It's running Version 8.4(1) & is a base license...
> 
> Now some t-shooting has got me nowhere, no top cpu-usage processes, enough free memory, asdm logs when it goes down nothing unusual but the usual pat translations with tcp flags i.e. syn timeout etc etc..
> 
> translations showed...
> 
> *ciscoasa# show xlate count *
> 323 in use, 583 most used
> 
> tried clearing this - no good still could not ping my default gateway.....
> 
> an arp showed that I could see the default gateway address (although admittedly did not try clearing this to see if it did the arp translation again)
> 
> input packets from isp were stuck here, but might be down to above...
> 
> 
> ciscoasa(config-if)# sh int Vlan2
> Interface Vlan2 "outside", is up, line protocol is up
>  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
>        MAC address 001e.4a87.44ab, MTU 1500
>        IP address x.x.x.x, subnet mask 255.255.254.0
>  Traffic Statistics for "outside":
>        *9747366 packets input*, 1919996429 bytes
>        14907915 packets output, 13057288639 bytes
>        760415 packets dropped
>      1 minute input rate 0 pkts/sec,  0 bytes/sec
>      1 minute output rate 8 pkts/sec,  464 bytes/sec
>      1 minute drop rate, 0 pkts/sec
>      5 minute input rate 0 pkts/sec,  2 bytes/sec
>      5 minute output rate 22 pkts/sec,  1297 bytes/sec
>      5 minute drop rate, 0 pkts/sec
> 
> ciscoasa(config-if)# sh int Vlan2
> Interface Vlan2 "outside", is up, line protocol is up
>  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
>        MAC address 001e.4a87.44ab, MTU 1500
>        IP address x.x.x.x, subnet mask 255.255.254.0
>  Traffic Statistics for "outside":
>        *9747366 packets input*, 1919996429 bytes
>        14907919 packets output, 13057288877 bytes
>        760415 packets dropped
>      1 minute input rate 0 pkts/sec,  0 bytes/sec
>      1 minute output rate 8 pkts/sec,  464 bytes/sec
>      1 minute drop rate, 0 pkts/sec
>      5 minute input rate 0 pkts/sec,  2 bytes/sec
>      5 minute output rate 22 pkts/sec,  1297 bytes/sec
>      5 minute drop rate, 0 pkts/sec
> 
> 
> ciscoasa(config-if)# sh int Vlan2
> Interface Vlan2 "outside", is up, line protocol is up
>  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
>        MAC address 001e.4a87.44ab, MTU 1500
>        IP address x.x.x.x, subnet mask 255.255.254.0
>  Traffic Statistics for "outside":
>        *9747366 packets input*, 1919996429 bytes
>        14907920 packets output, 13057288946 bytes
>        760415 packets dropped
>      1 minute input rate 0 pkts/sec,  0 bytes/sec
>      1 minute output rate 8 pkts/sec,  464 bytes/sec
>      1 minute drop rate, 0 pkts/sec
>      5 minute input rate 0 pkts/sec,  2 bytes/sec
>      5 minute output rate 22 pkts/sec,  1297 bytes/sec
>      5 minute drop rate, 0 pkts/sec
> 
> 
> 
> config on the outside interface is
> 
> interface Vlan2 (eth0/0)
> nameif outside
> security-level 0
> ip address dhcp setroute
> 
> 
> my outside interface picks up or still has the dhcpd binding from the isp and the outside svi vlan 2 pings from the asa ok...
> 
> been getting tired of reloading recently, so decided to shut the vlan 2 svi down and take the dhcp config off & re-applied this and it seemed to let me ping the default gateway again...
> 
> google dns 8.8.8.8 pings ok now, but xlates were showing 0 when attempting to connect from various devices and in the end had to reload the asa again.
> 
> apologies for this long mail, any suggestions on what I'm doing wrong?
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
Received on Wed Sep 26 2012 - 22:05:11 ART
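
The three `sh int Vlan2` captures quoted in the thread show the input packet counter frozen while the output counter keeps climbing. The Python below is an added example, not part of the original thread: it diffs two such snapshots and classifies the deltas. The sample text is trimmed from the quoted output, and the function names and verdict strings are assumptions of this example.

```python
import re

# Sample input: trimmed from the "sh int Vlan2" output quoted in the thread
# (first and third capture); only the lines the parser needs are kept.
TEMPLATE = '''Interface Vlan2 "outside", is up, line protocol is up
  Traffic Statistics for "outside":
        {inp} packets input, 1919996429 bytes
        {out} packets output, 13057288639 bytes
        760415 packets dropped
'''
SNAPSHOT_1 = TEMPLATE.format(inp=9747366, out=14907915)
SNAPSHOT_2 = TEMPLATE.format(inp=9747366, out=14907920)

# \W* skips leading spaces, mail quote marks ("> ") and "*" emphasis markers.
COUNTER_RE = re.compile(r"^\W*(\d+) packets (input|output|dropped)", re.M)
HEADER_RE = re.compile(r'^\W*Interface (\S+) "([^"]*)", is (.+?), line protocol is (\w+)', re.M)

def parse_snapshot(text):
    """Return interface name, nameif, link state and packet counters for one capture."""
    m = HEADER_RE.search(text)
    if m is None:
        raise ValueError("no 'Interface ...' header found")
    counters = {kind: int(n) for n, kind in COUNTER_RE.findall(text)}
    missing = {"input", "output", "dropped"} - counters.keys()
    if missing:
        raise ValueError(f"missing counters: {sorted(missing)}")
    return {"name": m.group(1), "nameif": m.group(2),
            "line_up": m.group(3) == "up" and m.group(4) == "up", **counters}

def diagnose(before, after):
    """Compare two captures of the same interface and classify the counter deltas."""
    a, b = parse_snapshot(before), parse_snapshot(after)
    if a["name"] != b["name"]:
        raise ValueError("snapshots are from different interfaces")
    delta = {k: b[k] - a[k] for k in ("input", "output", "dropped")}
    if any(v < 0 for v in delta.values()):
        verdict = "counters went backwards (reload or clear between snapshots)"
    elif not b["line_up"]:
        verdict = "interface or line protocol down"
    elif delta["output"] > 0 and delta["input"] == 0:
        verdict = "one-way: transmitting but receiving nothing"
    elif delta["dropped"] > 0:
        verdict = "receiving, but packets are being dropped"
    elif delta["input"] == 0 and delta["output"] == 0:
        verdict = "idle: no traffic in either direction"
    else:
        verdict = "traffic flowing in both directions"
    return delta, verdict
```

Calling `diagnose(SNAPSHOT_1, SNAPSHOT_2)` on the thread's counters gives an output delta of 5 with no input, which matches the "input packets from isp were stuck" observation while the interface itself stays up/up.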