Hi Nicky
Ok will check though don't think it will get far as default gateway is
unreachable..
Ping to the outside (0) interface is ok
-- BR Tony Sent from my iPhone on 3 On 27 Sep 2012, at 16:09, Nicky <ccienovice_at_gmail.com> wrote: > Hi Tony, > > Use packet capture through asdm. > > Cheers, > Nick > > On Thu, Sep 27, 2012 at 8:23 PM, Tony Singh <mothafungla_at_gmail.com> wrote: > It's the image it shipped with but hear you. > > Thanks for the advice. > > -- > BR > > Tony > > Sent from my iPhone on 3 > > On 27 Sep 2012, at 15:45, Ryan West <rwest_at_zyedge.com> wrote: > > > I've had the best luck with 8.2(5)26 or 29. Since you're already in NAT hell, I would run 8.4.4.1. Running first release new train code is just asking for trouble IMO. > > > > Sent from handheld > > > > On Sep 27, 2012, at 10:06 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote: > > > >> Here's my hunch it seems to happen when I'm on my laptop with a lot of tcp sessions i.e tabs on chrome... > >> > >> Same kind of thing used to happen on other vender all in one wifi routers...until upgrading to code that fixed the issues so I hear you... > >> > >> Ryan my eyes are hurting with that list wa wa we wa (borat) > >> > >> What do you guys recommend as a stable code /if > >> > >> Thanks both for the help > >> > >> -- > >> BR > >> > >> Tony > >> > >> Sent from my iPhone on 3 > >> > >> On 27 Sep 2012, at 14:48, Ryan West <rwest_at_zyedge.com> wrote: > >> > >>> I would agree with Joe here. Here is the 8.4 caveat list: > >>> > >>> http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html #wp536788 > >>> > >>> -ryan > >>> > >>> -----Original Message----- > >>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Joe Sanchez > >>> Sent: Thursday, September 27, 2012 9:44 AM > >>> To: Tony Singh > >>> Cc: Jay McMickle; Haroon; Ciscocertification > >>> Subject: Re: ASA problem > >>> > >>> I've had to upgrade many ASA's even with 2gb ram, with the latest code because of issues with ASA lockups/reboots it doesn't matter which platform other then the 5585x they have been solid. These ASA were running the 8.3 and I believe 1 might have been 8.42? Several issues that Cisco tries to fix with releases that did solve the original issues but caused other issues to raise there heads. > >>> > >>> Regards, > >>> Joe Sanchez > >>> > >>> ( please excuse the brevity of this email as it was sent via a mobile device. Please excuse misspelled words or sentence structure.) > >>> > >>> On Sep 27, 2012, at 8:36 AM, Tony Singh <mothafungla_at_gmail.com> wrote: > >>> > >>>> Will check next time it happens as Haroon suggested to see if default > >>>> route is still present, was last time but might be worth some further > >>>> debugging and will report back, doesn't seem a common issue at this > >>>> code maybe :/ > >>>> > >>>> -- > >>>> BR > >>>> > >>>> Tony > >>>> > >>>> Sent from my iPhone on 3 > >>>> > >>>> On 27 Sep 2012, at 14:32, Tony Singh <mothafungla_at_gmail.com> wrote: > >>>> > >>>>> Sorry Joe meant latter as in RAM is 512k in reply to Jay (free memory > >>>>> when unit locked up showed ample free anyhow) > >>>>> > >>>>> Code running is 8.4.1 (post pix cli era I believe) > >>>>> > >>>>> -- > >>>>> BR > >>>>> > >>>>> Tony > >>>>> > >>>>> Sent from my iPhone on 3 > >>>>> > >>>>> On 27 Sep 2012, at 13:23, Joe Sanchez <marco207p_at_gmail.com> wrote: > >>>>> > >>>>>> I recall lots of bugs in the 8.3 code . Mostly the ASA would lock up and reboot on occasions . Have you tried to upgrade? > >>>>>> > >>>>>> Regards, > >>>>>> Joe Sanchez > >>>>>> > >>>>>> ( please excuse the brevity of this email as it was sent via a > >>>>>> mobile device. Please excuse misspelled words or sentence > >>>>>> structure.) > >>>>>> > >>>>>> On Sep 27, 2012, at 1:34 AM, Tony Singh <mothafungla_at_gmail.com> wrote: > >>>>>> > >>>>>>> Hi Jay > >>>>>>> > >>>>>>> Thanks for reply yes it is the latter. > >>>>>>> > >>>>>>> -- > >>>>>>> BR > >>>>>>> > >>>>>>> Sent from my iPhone on 3 > >>>>>>> > >>>>>>> On 27 Sep 2012, at 02:02, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote: > >>>>>>> > >>>>>>>> Tony- how much RAM is in your 5505? If 256 (standard on old ones), this could be your issue with 8.3+ IOS. > >>>>>>>> > >>>>>>>> If 512, disregard. > >>>>>>>> > >>>>>>>> Regards, > >>>>>>>> Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design) Sent > >>>>>>>> from my iPhone > >>>>>>>> > >>>>>>>> On Sep 26, 2012, at 2:40 PM, Tony Singh <mothafungla_at_gmail.com> wrote: > >>>>>>>> > >>>>>>>>> Hi Haroon > >>>>>>>>> > >>>>>>>>> Next time it goes down will attempt your suggestion although it > >>>>>>>>> did have the gateway of the last resort in the routing table :/ > >>>>>>>>> > >>>>>>>>> -- > >>>>>>>>> BR > >>>>>>>>> > >>>>>>>>> Sent from my iPhone on 3 > >>>>>>>>> > >>>>>>>>> On 26 Sep 2012, at 20:27, Haroon <itguy.pro_at_gmail.com> wrote: > >>>>>>>>> > >>>>>>>>>> what if you hard code default gateway? > >>>>>>>>>> > >>>>>>>>>> route outside 0.0.0.0 0.0.0.0 isp > >>>>>>>>>> > >>>>>>>>>> On Wed, Sep 26, 2012 at 1:27 PM, Tony Singh <mothafungla_at_gmail.com> wrote: > >>>>>>>>>> Good Evening List, > >>>>>>>>>> > >>>>>>>>>> I have an issue with my ASA 5505 recently seems to be locking up > >>>>>>>>>> and end-result is no default gateway access to my isp router and > >>>>>>>>>> bump no internet! > >>>>>>>>>> > >>>>>>>>>> Its running Version 8.4(1) & is a base license... > >>>>>>>>>> > >>>>>>>>>> Now some t-shooting has got me no where, no top cpu-usage > >>>>>>>>>> processes, enough free memory , asdm logs when it goes down > >>>>>>>>>> nothing unusual but the usual pat translations with tcp flags i.e syn timeout etc etc.. > >>>>>>>>>> > >>>>>>>>>> translations showed... > >>>>>>>>>> > >>>>>>>>>> *ciscoasa# show xlate count * > >>>>>>>>>> 323 in use, 583 most used > >>>>>>>>>> > >>>>>>>>>> tried clearing this - no good still could not ping my default gateway..... > >>>>>>>>>> > >>>>>>>>>> an arp showed that I could see the default gateway address > >>>>>>>>>> (although admittedly did not try clearing this to see if it did > >>>>>>>>>> the arp translation again) > >>>>>>>>>> > >>>>>>>>>> input packets from isp were stuck here, but might be down to above... > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is > >>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY > >>>>>>>>>> 100 usec > >>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500 > >>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic > >>>>>>>>>> Statistics for "outside": > >>>>>>>>>> *9747366 packets input*, 1919996429 bytes > >>>>>>>>>> 14907915 packets output, 13057288639 bytes > >>>>>>>>>> 760415 packets dropped > >>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec > >>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec > >>>>>>>>>> 1 minute drop rate, 0 pkts/sec > >>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec > >>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec > >>>>>>>>>> 5 minute drop rate, 0 pkts/sec > >>>>>>>>>> > >>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is > >>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY > >>>>>>>>>> 100 usec > >>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500 > >>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic > >>>>>>>>>> Statistics for "outside": > >>>>>>>>>> *9747366 packets input*, 1919996429 bytes > >>>>>>>>>> 14907919 packets output, 13057288877 bytes > >>>>>>>>>> 760415 packets dropped > >>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec > >>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec > >>>>>>>>>> 1 minute drop rate, 0 pkts/sec > >>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec > >>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec > >>>>>>>>>> 5 minute drop rate, 0 pkts/sec > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is > >>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY > >>>>>>>>>> 100 usec > >>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500 > >>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic > >>>>>>>>>> Statistics for "outside": > >>>>>>>>>> *9747366 packets input*, 1919996429 bytes > >>>>>>>>>> 14907920 packets output, 13057288946 bytes > >>>>>>>>>> 760415 packets dropped > >>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec > >>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec > >>>>>>>>>> 1 minute drop rate, 0 pkts/sec > >>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec > >>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec > >>>>>>>>>> 5 minute drop rate, 0 pkts/sec > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> config on the outside interface is > >>>>>>>>>> > >>>>>>>>>> interface Vlan2 (eth0/0) > >>>>>>>>>> nameif outside > >>>>>>>>>> security-level 0 > >>>>>>>>>> ip address dhcp setroute > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> my outside interface picks up or still has the dhcpd binding > >>>>>>>>>> from the isp and the outside svi vlan 2 pings from the asa ok... > >>>>>>>>>> > >>>>>>>>>> been getting tired of reloading recently, so decided to shut the > >>>>>>>>>> vlan 2 svi down and take the dhcp config off & re-applied this > >>>>>>>>>> and it seemed to let me ping the default gateway again... > >>>>>>>>>> > >>>>>>>>>> google dns 8.8.8.8 pings ok now, but xlates were showing 0 when > >>>>>>>>>> attempting to connect from various devices and in the end had to reload the asa again. > >>>>>>>>>> > >>>>>>>>>> apologies for this long mail, any suggestions on what im doing > >>>>>>>>>> wrong > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> Blogs and organic groups at http://www.ccie.net > >>>>>>>>>> > >>>>>>>>>> ________________________________________________________________ > >>>>>>>>>> _______ Subscription information may be found at: > >>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> -- > >>>>>>>>>> Virtualization.net > >>>>>>>>>> Post Jobs, News, Forums, Tutorials http://www.virtualization.net > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> Blogs and organic groups at http://www.ccie.net > >>>>>>>>> > >>>>>>>>>Received on Thu Sep 27 2012 - 17:05:00 ART
This archive was generated by hypermail 2.2.0 : Mon Oct 01 2012 - 06:40:29 ART