Re: ASA problem

From: Nicky <ccienovice_at_gmail.com>
Date: Thu, 27 Sep 2012 20:39:26 +0530

Hi Tony,

Use packet capture through asdm.

Cheers,
Nick

On Thu, Sep 27, 2012 at 8:23 PM, Tony Singh <mothafungla_at_gmail.com> wrote:

> It's the image it shipped with but hear you.
>
> Thanks for the advice.
>
> --
> BR
>
> Tony
>
> Sent from my iPhone on 3
>
> On 27 Sep 2012, at 15:45, Ryan West <rwest_at_zyedge.com> wrote:
>
> > I've had the best luck with 8.2(5)26 or 29. Since you're already in NAT hell, I would run 8.4.4.1. Running first release new train code is just asking for trouble IMO.
> >
> > Sent from handheld
> >
> > On Sep 27, 2012, at 10:06 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote:
> >
> >> Here's my hunch it seems to happen when I'm on my laptop with a lot of tcp sessions i.e. tabs on chrome...
> >>
> >> Same kind of thing used to happen on other vendor all in one wifi routers...until upgrading to code that fixed the issues so I hear you...
> >>
> >> Ryan my eyes are hurting with that list wa wa we wa (borat)
> >>
> >> What do you guys recommend as a stable code /if
> >>
> >> Thanks both for the help
> >>
> >> --
> >> BR
> >>
> >> Tony
> >>
> >> Sent from my iPhone on 3
> >>
> >> On 27 Sep 2012, at 14:48, Ryan West <rwest_at_zyedge.com> wrote:
> >>
> >>> I would agree with Joe here. Here is the 8.4 caveat list:
> >>>
> >>> http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html#wp536788
> >>>
> >>> -ryan
> >>>
> >>> -----Original Message-----
> >>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Joe Sanchez
> >>> Sent: Thursday, September 27, 2012 9:44 AM
> >>> To: Tony Singh
> >>> Cc: Jay McMickle; Haroon; Ciscocertification
> >>> Subject: Re: ASA problem
> >>>
> >>> I've had to upgrade many ASA's even with 2gb ram, with the latest code because of issues with ASA lockups/reboots it doesn't matter which platform other than the 5585x they have been solid. These ASA were running the 8.3 and I believe 1 might have been 8.42? Several issues that Cisco tries to fix with releases that did solve the original issues but caused other issues to raise their heads.
> >>>
> >>> Regards,
> >>> Joe Sanchez
> >>>
> >>> ( please excuse the brevity of this email as it was sent via a mobile device. Please excuse misspelled words or sentence structure.)
> >>>
> >>> On Sep 27, 2012, at 8:36 AM, Tony Singh <mothafungla_at_gmail.com> wrote:
> >>>
> >>>> Will check next time it happens as Haroon suggested to see if default
> >>>> route is still present, was last time but might be worth some further
> >>>> debugging and will report back, doesn't seem a common issue at this
> >>>> code maybe :/
> >>>>
> >>>> --
> >>>> BR
> >>>>
> >>>> Tony
> >>>>
> >>>> Sent from my iPhone on 3
> >>>>
> >>>> On 27 Sep 2012, at 14:32, Tony Singh <mothafungla_at_gmail.com> wrote:
> >>>>
> >>>>> Sorry Joe meant latter as in RAM is 512k in reply to Jay (free memory
> >>>>> when unit locked up showed ample free anyhow)
> >>>>>
> >>>>> Code running is 8.4.1 (post pix cli era I believe)
> >>>>>
> >>>>> --
> >>>>> BR
> >>>>>
> >>>>> Tony
> >>>>>
> >>>>> Sent from my iPhone on 3
> >>>>>
> >>>>> On 27 Sep 2012, at 13:23, Joe Sanchez <marco207p_at_gmail.com> wrote:
> >>>>>
> >>>>>> I recall lots of bugs in the 8.3 code. Mostly the ASA would lock up and reboot on occasions. Have you tried to upgrade?
> >>>>>>
> >>>>>> Regards,
> >>>>>> Joe Sanchez
> >>>>>>
> >>>>>> ( please excuse the brevity of this email as it was sent via a
> >>>>>> mobile device. Please excuse misspelled words or sentence
> >>>>>> structure.)
> >>>>>>
> >>>>>> On Sep 27, 2012, at 1:34 AM, Tony Singh <mothafungla_at_gmail.com> wrote:
> >>>>>>
> >>>>>>> Hi Jay
> >>>>>>>
> >>>>>>> Thanks for reply yes it is the latter.
> >>>>>>>
> >>>>>>> --
> >>>>>>> BR
> >>>>>>>
> >>>>>>> Sent from my iPhone on 3
> >>>>>>>
> >>>>>>> On 27 Sep 2012, at 02:02, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
> >>>>>>>
> >>>>>>>> Tony- how much RAM is in your 5505? If 256 (standard on old ones), this could be your issue with 8.3+ IOS.
> >>>>>>>>
> >>>>>>>> If 512, disregard.
> >>>>>>>>
> >>>>>>>> Regards,
> >>>>>>>> Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design)
> >>>>>>>> Sent from my iPhone
> >>>>>>>>
> >>>>>>>> On Sep 26, 2012, at 2:40 PM, Tony Singh <mothafungla_at_gmail.com> wrote:
> >>>>>>>>
> >>>>>>>>> Hi Haroon
> >>>>>>>>>
> >>>>>>>>> Next time it goes down will attempt your suggestion although it
> >>>>>>>>> did have the gateway of the last resort in the routing table :/
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> BR
> >>>>>>>>>
> >>>>>>>>> Sent from my iPhone on 3
> >>>>>>>>>
> >>>>>>>>> On 26 Sep 2012, at 20:27, Haroon <itguy.pro_at_gmail.com> wrote:
> >>>>>>>>>
> >>>>>>>>>> what if you hard code default gateway?
> >>>>>>>>>>
> >>>>>>>>>> route outside 0.0.0.0 0.0.0.0 isp
> >>>>>>>>>>
> >>>>>>>>>> On Wed, Sep 26, 2012 at 1:27 PM, Tony Singh <mothafungla_at_gmail.com> wrote:
> >>>>>>>>>> Good Evening List,
> >>>>>>>>>>
> >>>>>>>>>> I have an issue with my ASA 5505 recently seems to be locking up
> >>>>>>>>>> and end-result is no default gateway access to my isp router and
> >>>>>>>>>> bump no internet!
> >>>>>>>>>>
> >>>>>>>>>> It's running Version 8.4(1) & is a base license...
> >>>>>>>>>>
> >>>>>>>>>> Now some t-shooting has got me nowhere, no top cpu-usage
> >>>>>>>>>> processes, enough free memory, asdm logs when it goes down
> >>>>>>>>>> nothing unusual but the usual pat translations with tcp flags
> >>>>>>>>>> i.e. syn timeout etc etc..
> >>>>>>>>>>
> >>>>>>>>>> translations showed...
> >>>>>>>>>>
> >>>>>>>>>> *ciscoasa# show xlate count *
> >>>>>>>>>> 323 in use, 583 most used
> >>>>>>>>>>
> >>>>>>>>>> tried clearing this - no good still could not ping my default gateway.....
> >>>>>>>>>>
> >>>>>>>>>> an arp showed that I could see the default gateway address
> >>>>>>>>>> (although admittedly did not try clearing this to see if it did
> >>>>>>>>>> the arp translation again)
> >>>>>>>>>>
> >>>>>>>>>> input packets from isp were stuck here, but might be down to above...
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> ciscoasa(config-if)# sh int Vlan2
> >>>>>>>>>> Interface Vlan2 "outside", is up, line protocol is up
> >>>>>>>>>> Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
> >>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500
> >>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0
> >>>>>>>>>> Traffic Statistics for "outside":
> >>>>>>>>>> *9747366 packets input*, 1919996429 bytes
> >>>>>>>>>> 14907915 packets output, 13057288639 bytes
> >>>>>>>>>> 760415 packets dropped
> >>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec
> >>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec
> >>>>>>>>>> 1 minute drop rate, 0 pkts/sec
> >>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec
> >>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec
> >>>>>>>>>> 5 minute drop rate, 0 pkts/sec
> >>>>>>>>>>
> >>>>>>>>>> ciscoasa(config-if)# sh int Vlan2
> >>>>>>>>>> Interface Vlan2 "outside", is up, line protocol is up
> >>>>>>>>>> Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
> >>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500
> >>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0
> >>>>>>>>>> Traffic Statistics for "outside":
> >>>>>>>>>> *9747366 packets input*, 1919996429 bytes
> >>>>>>>>>> 14907919 packets output, 13057288877 bytes
> >>>>>>>>>> 760415 packets dropped
> >>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec
> >>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec
> >>>>>>>>>> 1 minute drop rate, 0 pkts/sec
> >>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec
> >>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec
> >>>>>>>>>> 5 minute drop rate, 0 pkts/sec
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> ciscoasa(config-if)# sh int Vlan2
> >>>>>>>>>> Interface Vlan2 "outside", is up, line protocol is up
> >>>>>>>>>> Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
> >>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500
> >>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0
> >>>>>>>>>> Traffic Statistics for "outside":
> >>>>>>>>>> *9747366 packets input*, 1919996429 bytes
> >>>>>>>>>> 14907920 packets output, 13057288946 bytes
> >>>>>>>>>> 760415 packets dropped
> >>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec
> >>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec
> >>>>>>>>>> 1 minute drop rate, 0 pkts/sec
> >>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec
> >>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec
> >>>>>>>>>> 5 minute drop rate, 0 pkts/sec
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> config on the outside interface is
> >>>>>>>>>>
> >>>>>>>>>> interface Vlan2 (eth0/0)
> >>>>>>>>>> nameif outside
> >>>>>>>>>> security-level 0
> >>>>>>>>>> ip address dhcp setroute
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> my outside interface picks up or still has the dhcpd binding
> >>>>>>>>>> from the isp and the outside svi vlan 2 pings from the asa ok...
> >>>>>>>>>>
> >>>>>>>>>> been getting tired of reloading recently, so decided to shut the
> >>>>>>>>>> vlan 2 svi down and take the dhcp config off & re-applied this
> >>>>>>>>>> and it seemed to let me ping the default gateway again...
> >>>>>>>>>>
> >>>>>>>>>> google dns 8.8.8.8 pings ok now, but xlates were showing 0 when
> >>>>>>>>>> attempting to connect from various devices and in the end had
> >>>>>>>>>> to reload the asa again.
> >>>>>>>>>>
> >>>>>>>>>> apologies for this long mail, any suggestions on what I'm doing
> >>>>>>>>>> wrong
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Blogs and organic groups at http://www.ccie.net
> >>>>>>>>>>
> >>>>>>>>>> ________________________________________________________________
> >>>>>>>>>> _______ Subscription information may be found at:
> >>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Virtualization.net
> >>>>>>>>>> Post Jobs, News, Forums, Tutorials
> http://www.virtualization.net

Received on Thu Sep 27 2012 - 20:39:26 ART
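
Added example, not part of the original thread: the three "sh int Vlan2" captures quoted in the first post show the input packet counter frozen while the output counter keeps climbing, and this sketch automates that comparison. The snapshots are trimmed reconstructions using the counter values from the thread; the function names and verdict strings are assumptions of this example.

```python
import re

# Constructed sample: trimmed "sh int Vlan2" output with the thread's counters.
TEMPLATE = '''ciscoasa(config-if)# sh int Vlan2
Interface Vlan2 "outside", is up, line protocol is up
  Traffic Statistics for "outside":
        *9747366 packets input*, 1919996429 bytes
        {out} packets output, {out_bytes} bytes
        760415 packets dropped
'''
SNAPSHOTS = [TEMPLATE.format(out=o, out_bytes=b) for o, b in
             [(14907915, 13057288639), (14907919, 13057288877),
              (14907920, 13057288946)]]

NAME_RE = re.compile(r'^Interface (\S+) "([^"]*)"', re.M)
# The optional "*" tolerates the emphasis markers the poster added by hand.
COUNTER_RE = re.compile(r"^\s*\*?(\d+) packets (input|output|dropped)\b", re.M)
KINDS = ("input", "output", "dropped")

def parse_snapshot(text):
    """Return the interface name, nameif and packet counters of one capture."""
    header = NAME_RE.search(text)
    if header is None:
        raise ValueError("no 'Interface ...' header found")
    counters = {kind: int(n) for n, kind in COUNTER_RE.findall(text)}
    missing = [k for k in KINDS if k not in counters]
    if missing:
        raise ValueError(f"missing counters: {missing}")
    return {"interface": header.group(1), "nameif": header.group(2), **counters}

def diagnose(snapshots):
    """Compare the first and last capture and classify the traffic pattern."""
    if len(snapshots) < 2:
        raise ValueError("need at least two snapshots")
    first, last = parse_snapshot(snapshots[0]), parse_snapshot(snapshots[-1])
    if first["interface"] != last["interface"]:
        raise ValueError("snapshots are from different interfaces")
    delta = {k: last[k] - first[k] for k in KINDS}
    if any(v < 0 for v in delta.values()):
        verdict = "counters reset between snapshots (reload or clear)"
    elif delta["output"] > 0 and delta["input"] == 0:
        verdict = "one-way: transmitting but receiving nothing"
    elif delta["input"] == 0 and delta["output"] == 0:
        verdict = "idle: no traffic in either direction"
    else:
        verdict = "traffic flowing in both directions"
    return {"nameif": first["nameif"], "delta": delta, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SNAPSHOTS))
```

A one-way verdict on the outside interface points at the receive path (upstream device, ARP, or the interface itself) rather than at NAT or routing on the ASA, which is where a packet capture on that interface helps.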

This archive was generated by hypermail 2.2.0 : Mon Oct 01 2012 - 06:40:29 ART