Re: ASA problem from Tony Singh on 2012-09-27 (Ccielab archives 09/2012)

From: Tony Singh <mothafungla_at_gmail.com>
Date: Thu, 27 Sep 2012 15:06:37 +0100
Here's my hunch it seems to happen when I'm on my laptop with a lot of tcp sessions i.e tabs on chrome...
Same kind of thing used to happen on other vender all in one wifi routers...until upgrading to code that fixed the issues so I hear you...
Ryan my eyes are hurting with that list wa wa we wa (borat)
What do you guys recommend as a stable code /if
Thanks both for the help
--
BR
Tony
Sent from my iPhone on 3
On 27 Sep 2012, at 14:48, Ryan West <rwest_at_zyedge.com> wrote:
> I would agree with Joe here.  Here is the 8.4 caveat list:
> 
> http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html#wp536788
> 
> -ryan
> 
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Joe Sanchez
> Sent: Thursday, September 27, 2012 9:44 AM
> To: Tony Singh
> Cc: Jay McMickle; Haroon; Ciscocertification
> Subject: Re: ASA problem
> 
> I've had to upgrade many ASA's even with 2gb ram, with the latest code because of issues with ASA lockups/reboots it doesn't matter which platform other then the 5585x they have been solid. These ASA were running the 8.3 and I believe 1 might have been 8.42?  Several issues that Cisco tries to fix with releases that did solve the original issues but caused other issues to raise there heads.
> 
> Regards,
> Joe Sanchez
> 
> ( please excuse the brevity of this email as it was sent via a mobile device.  Please excuse misspelled words or sentence structure.) 
> 
> On Sep 27, 2012, at 8:36 AM, Tony Singh <mothafungla_at_gmail.com> wrote:
> 
>> Will check next time it happens as Haroon suggested to see if default 
>> route is still present, was last time but might be worth some further 
>> debugging and will report back, doesn't seem a common issue at this 
>> code maybe :/
>> 
>> --
>> BR
>> 
>> Tony
>> 
>> Sent from my iPhone on 3
>> 
>> On 27 Sep 2012, at 14:32, Tony Singh <mothafungla_at_gmail.com> wrote:
>> 
>>> Sorry Joe meant latter as in RAM is 512k in reply to Jay (free memory 
>>> when unit locked up showed ample free anyhow)
>>> 
>>> Code running is 8.4.1 (post pix cli era I believe)
>>> 
>>> --
>>> BR
>>> 
>>> Tony
>>> 
>>> Sent from my iPhone on 3
>>> 
>>> On 27 Sep 2012, at 13:23, Joe Sanchez <marco207p_at_gmail.com> wrote:
>>> 
>>>> I recall lots of bugs in the 8.3 code .  Mostly the ASA would lock up and reboot on occasions .  Have you tried to upgrade? 
>>>> 
>>>> Regards,
>>>> Joe Sanchez
>>>> 
>>>> ( please excuse the brevity of this email as it was sent via a 
>>>> mobile device.  Please excuse misspelled words or sentence 
>>>> structure.)
>>>> 
>>>> On Sep 27, 2012, at 1:34 AM, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>> 
>>>>> Hi Jay
>>>>> 
>>>>> Thanks for reply yes it is the latter.
>>>>> 
>>>>> --
>>>>> BR
>>>>> 
>>>>> Sent from my iPhone on 3
>>>>> 
>>>>> On 27 Sep 2012, at 02:02, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
>>>>> 
>>>>>> Tony- how much RAM is in your 5505? If 256 (standard on old ones), this could be your issue with 8.3+ IOS.
>>>>>> 
>>>>>> If 512, disregard.
>>>>>> 
>>>>>> Regards,
>>>>>> Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design) Sent 
>>>>>> from my iPhone
>>>>>> 
>>>>>> On Sep 26, 2012, at 2:40 PM, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>>>> 
>>>>>>> Hi Haroon
>>>>>>> 
>>>>>>> Next time it goes down will attempt your suggestion although it 
>>>>>>> did have the gateway of the last resort in the routing table :/
>>>>>>> 
>>>>>>> --
>>>>>>> BR
>>>>>>> 
>>>>>>> Sent from my iPhone on 3
>>>>>>> 
>>>>>>> On 26 Sep 2012, at 20:27, Haroon <itguy.pro_at_gmail.com> wrote:
>>>>>>> 
>>>>>>>> what if you hard code default gateway?
>>>>>>>> 
>>>>>>>> route outside 0.0.0.0 0.0.0.0 isp
>>>>>>>> 
>>>>>>>> On Wed, Sep 26, 2012 at 1:27 PM, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>>>>>> Good Evening List,
>>>>>>>> 
>>>>>>>> I have an issue with my ASA 5505 recently seems to be locking up 
>>>>>>>> and end-result is no default gateway access to my isp router and 
>>>>>>>> bump no internet!
>>>>>>>> 
>>>>>>>> Its running Version 8.4(1)  & is a base license...
>>>>>>>> 
>>>>>>>> Now some t-shooting has got me no where, no top cpu-usage 
>>>>>>>> processes, enough free memory , asdm logs when it goes down 
>>>>>>>> nothing unusual but the usual pat translations with tcp flags i.e syn timeout etc etc..
>>>>>>>> 
>>>>>>>> translations showed...
>>>>>>>> 
>>>>>>>> *ciscoasa# show xlate count *
>>>>>>>> 323 in use, 583 most used
>>>>>>>> 
>>>>>>>> tried clearing this - no good still could not ping my default gateway.....
>>>>>>>> 
>>>>>>>> an arp showed that I could see the default gateway address 
>>>>>>>> (although admittedly did not try clearing this to see if it did 
>>>>>>>> the arp translation again)
>>>>>>>> 
>>>>>>>> input packets from isp were stuck here, but might be down to above...
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is 
>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY 
>>>>>>>> 100 usec
>>>>>>>>  MAC address 001e.4a87.44ab, MTU 1500
>>>>>>>>  IP address x.x.x.x, subnet mask 255.255.254.0 Traffic 
>>>>>>>> Statistics for "outside":
>>>>>>>>  *9747366 packets input*, 1919996429 bytes
>>>>>>>>  14907915 packets output, 13057288639 bytes
>>>>>>>>  760415 packets dropped
>>>>>>>> 1 minute input rate 0 pkts/sec,  0 bytes/sec
>>>>>>>> 1 minute output rate 8 pkts/sec,  464 bytes/sec
>>>>>>>> 1 minute drop rate, 0 pkts/sec
>>>>>>>> 5 minute input rate 0 pkts/sec,  2 bytes/sec
>>>>>>>> 5 minute output rate 22 pkts/sec,  1297 bytes/sec
>>>>>>>> 5 minute drop rate, 0 pkts/sec
>>>>>>>> 
>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is 
>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY 
>>>>>>>> 100 usec
>>>>>>>>  MAC address 001e.4a87.44ab, MTU 1500
>>>>>>>>  IP address x.x.x.x, subnet mask 255.255.254.0 Traffic 
>>>>>>>> Statistics for "outside":
>>>>>>>>  *9747366 packets input*, 1919996429 bytes
>>>>>>>>  14907919 packets output, 13057288877 bytes
>>>>>>>>  760415 packets dropped
>>>>>>>> 1 minute input rate 0 pkts/sec,  0 bytes/sec
>>>>>>>> 1 minute output rate 8 pkts/sec,  464 bytes/sec
>>>>>>>> 1 minute drop rate, 0 pkts/sec
>>>>>>>> 5 minute input rate 0 pkts/sec,  2 bytes/sec
>>>>>>>> 5 minute output rate 22 pkts/sec,  1297 bytes/sec
>>>>>>>> 5 minute drop rate, 0 pkts/sec
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is 
>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY 
>>>>>>>> 100 usec
>>>>>>>>  MAC address 001e.4a87.44ab, MTU 1500
>>>>>>>>  IP address x.x.x.x, subnet mask 255.255.254.0 Traffic 
>>>>>>>> Statistics for "outside":
>>>>>>>>  *9747366 packets input*, 1919996429 bytes
>>>>>>>>  14907920 packets output, 13057288946 bytes
>>>>>>>>  760415 packets dropped
>>>>>>>> 1 minute input rate 0 pkts/sec,  0 bytes/sec
>>>>>>>> 1 minute output rate 8 pkts/sec,  464 bytes/sec
>>>>>>>> 1 minute drop rate, 0 pkts/sec
>>>>>>>> 5 minute input rate 0 pkts/sec,  2 bytes/sec
>>>>>>>> 5 minute output rate 22 pkts/sec,  1297 bytes/sec
>>>>>>>> 5 minute drop rate, 0 pkts/sec
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> config on the outside interface is
>>>>>>>> 
>>>>>>>> interface Vlan2 (eth0/0)
>>>>>>>> nameif outside
>>>>>>>> security-level 0
>>>>>>>> ip address dhcp setroute
>>>>>>>> 
>>>>>>>> 
>>>>>>>> my outside interface picks up or still has the dhcpd binding 
>>>>>>>> from the isp and the outside svi vlan 2 pings from the asa ok...
>>>>>>>> 
>>>>>>>> been getting tired of reloading recently, so decided to shut the 
>>>>>>>> vlan 2 svi down and take the dhcp config off & re-applied this 
>>>>>>>> and it seemed to let me ping the default gateway again...
>>>>>>>> 
>>>>>>>> google dns 8.8.8.8 pings ok now, but xlates were showing 0 when 
>>>>>>>> attempting to connect from various devices and in the end had to reload the asa again.
>>>>>>>> 
>>>>>>>> apologies for this long mail, any suggestions on what im doing 
>>>>>>>> wrong
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>> 
>>>>>>>> ________________________________________________________________
>>>>>>>> _______ Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> --
>>>>>>>> Virtualization.net
>>>>>>>> Post Jobs, News, Forums, Tutorials http://www.virtualization.net
>>>>>>> 
>>>>>>> 
>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>> 
>>>>>>> _______________________________________________________________________
>>>>>>> Subscription information may be found at: 
>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>> 
>>>>> 
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>> 
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at: 
>>>>> http://www.groupstudy.com/list/CCIELab.html
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Sep 27 2012 - 15:06:37 ART
This archive was generated by hypermail 2.2.0 : Mon Oct 01 2012 - 06:40:29 ART