Updated to 8.4.4.1 & no lockups since!
Thanks Ryan /Joe/all
I'm hoping I'll have an uptime of 5 years now, wishful thinking :/
-- BR Tony Sent from my iPhone on 3 On 27 Sep 2012, at 15:53, Tony Singh <mothafungla_at_gmail.com> wrote: > It's the image it shipped with but hear you. > > Thanks for the advice. > > -- > BR > > Tony > > Sent from my iPhone on 3 > > On 27 Sep 2012, at 15:45, Ryan West <rwest_at_zyedge.com> wrote: > >> I've had the best luck with 8.2(5)26 or 29. Since you're already in NAT hell, I would run 8.4.4.1. Running first release new train code is just asking for trouble IMO. >> >> Sent from handheld >> >> On Sep 27, 2012, at 10:06 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote: >> >>> Here's my hunch it seems to happen when I'm on my laptop with a lot of tcp sessions i.e tabs on chrome... >>> >>> Same kind of thing used to happen on other vender all in one wifi routers...until upgrading to code that fixed the issues so I hear you... >>> >>> Ryan my eyes are hurting with that list wa wa we wa (borat) >>> >>> What do you guys recommend as a stable code /if >>> >>> Thanks both for the help >>> >>> -- >>> BR >>> >>> Tony >>> >>> Sent from my iPhone on 3 >>> >>> On 27 Sep 2012, at 14:48, Ryan West <rwest_at_zyedge.com> wrote: >>> >>>> I would agree with Joe here. Here is the 8.4 caveat list: >>>> >>>> http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html#wp536788 >>>> >>>> -ryan >>>> >>>> -----Original Message----- >>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Joe Sanchez >>>> Sent: Thursday, September 27, 2012 9:44 AM >>>> To: Tony Singh >>>> Cc: Jay McMickle; Haroon; Ciscocertification >>>> Subject: Re: ASA problem >>>> >>>> I've had to upgrade many ASA's even with 2gb ram, with the latest code because of issues with ASA lockups/reboots it doesn't matter which platform other then the 5585x they have been solid. These ASA were running the 8.3 and I believe 1 might have been 8.42? Several issues that Cisco tries to fix with releases that did solve the original issues but caused other issues to raise there heads. >>>> >>>> Regards, >>>> Joe Sanchez >>>> >>>> ( please excuse the brevity of this email as it was sent via a mobile device. Please excuse misspelled words or sentence structure.) >>>> >>>> On Sep 27, 2012, at 8:36 AM, Tony Singh <mothafungla_at_gmail.com> wrote: >>>> >>>>> Will check next time it happens as Haroon suggested to see if default >>>>> route is still present, was last time but might be worth some further >>>>> debugging and will report back, doesn't seem a common issue at this >>>>> code maybe :/ >>>>> >>>>> -- >>>>> BR >>>>> >>>>> Tony >>>>> >>>>> Sent from my iPhone on 3 >>>>> >>>>> On 27 Sep 2012, at 14:32, Tony Singh <mothafungla_at_gmail.com> wrote: >>>>> >>>>>> Sorry Joe meant latter as in RAM is 512k in reply to Jay (free memory >>>>>> when unit locked up showed ample free anyhow) >>>>>> >>>>>> Code running is 8.4.1 (post pix cli era I believe) >>>>>> >>>>>> -- >>>>>> BR >>>>>> >>>>>> Tony >>>>>> >>>>>> Sent from my iPhone on 3 >>>>>> >>>>>> On 27 Sep 2012, at 13:23, Joe Sanchez <marco207p_at_gmail.com> wrote: >>>>>> >>>>>>> I recall lots of bugs in the 8.3 code . Mostly the ASA would lock up and reboot on occasions . Have you tried to upgrade? >>>>>>> >>>>>>> Regards, >>>>>>> Joe Sanchez >>>>>>> >>>>>>> ( please excuse the brevity of this email as it was sent via a >>>>>>> mobile device. Please excuse misspelled words or sentence >>>>>>> structure.) >>>>>>> >>>>>>> On Sep 27, 2012, at 1:34 AM, Tony Singh <mothafungla_at_gmail.com> wrote: >>>>>>> >>>>>>>> Hi Jay >>>>>>>> >>>>>>>> Thanks for reply yes it is the latter. >>>>>>>> >>>>>>>> -- >>>>>>>> BR >>>>>>>> >>>>>>>> Sent from my iPhone on 3 >>>>>>>> >>>>>>>> On 27 Sep 2012, at 02:02, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote: >>>>>>>> >>>>>>>>> Tony- how much RAM is in your 5505? If 256 (standard on old ones), this could be your issue with 8.3+ IOS. >>>>>>>>> >>>>>>>>> If 512, disregard. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design) Sent >>>>>>>>> from my iPhone >>>>>>>>> >>>>>>>>> On Sep 26, 2012, at 2:40 PM, Tony Singh <mothafungla_at_gmail.com> wrote: >>>>>>>>> >>>>>>>>>> Hi Haroon >>>>>>>>>> >>>>>>>>>> Next time it goes down will attempt your suggestion although it >>>>>>>>>> did have the gateway of the last resort in the routing table :/ >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> BR >>>>>>>>>> >>>>>>>>>> Sent from my iPhone on 3 >>>>>>>>>> >>>>>>>>>> On 26 Sep 2012, at 20:27, Haroon <itguy.pro_at_gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> what if you hard code default gateway? >>>>>>>>>>> >>>>>>>>>>> route outside 0.0.0.0 0.0.0.0 isp >>>>>>>>>>> >>>>>>>>>>> On Wed, Sep 26, 2012 at 1:27 PM, Tony Singh <mothafungla_at_gmail.com> wrote: >>>>>>>>>>> Good Evening List, >>>>>>>>>>> >>>>>>>>>>> I have an issue with my ASA 5505 recently seems to be locking up >>>>>>>>>>> and end-result is no default gateway access to my isp router and >>>>>>>>>>> bump no internet! >>>>>>>>>>> >>>>>>>>>>> Its running Version 8.4(1) & is a base license... >>>>>>>>>>> >>>>>>>>>>> Now some t-shooting has got me no where, no top cpu-usage >>>>>>>>>>> processes, enough free memory , asdm logs when it goes down >>>>>>>>>>> nothing unusual but the usual pat translations with tcp flags i.e syn timeout etc etc.. >>>>>>>>>>> >>>>>>>>>>> translations showed... >>>>>>>>>>> >>>>>>>>>>> *ciscoasa# show xlate count * >>>>>>>>>>> 323 in use, 583 most used >>>>>>>>>>> >>>>>>>>>>> tried clearing this - no good still could not ping my default gateway..... >>>>>>>>>>> >>>>>>>>>>> an arp showed that I could see the default gateway address >>>>>>>>>>> (although admittedly did not try clearing this to see if it did >>>>>>>>>>> the arp translation again) >>>>>>>>>>> >>>>>>>>>>> input packets from isp were stuck here, but might be down to above... >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is >>>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY >>>>>>>>>>> 100 usec >>>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500 >>>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic >>>>>>>>>>> Statistics for "outside": >>>>>>>>>>> *9747366 packets input*, 1919996429 bytes >>>>>>>>>>> 14907915 packets output, 13057288639 bytes >>>>>>>>>>> 760415 packets dropped >>>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec >>>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec >>>>>>>>>>> 1 minute drop rate, 0 pkts/sec >>>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec >>>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec >>>>>>>>>>> 5 minute drop rate, 0 pkts/sec >>>>>>>>>>> >>>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is >>>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY >>>>>>>>>>> 100 usec >>>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500 >>>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic >>>>>>>>>>> Statistics for "outside": >>>>>>>>>>> *9747366 packets input*, 1919996429 bytes >>>>>>>>>>> 14907919 packets output, 13057288877 bytes >>>>>>>>>>> 760415 packets dropped >>>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec >>>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec >>>>>>>>>>> 1 minute drop rate, 0 pkts/sec >>>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec >>>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec >>>>>>>>>>> 5 minute drop rate, 0 pkts/sec >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is >>>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY >>>>>>>>>>> 100 usec >>>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500 >>>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic >>>>>>>>>>> Statistics for "outside": >>>>>>>>>>> *9747366 packets input*, 1919996429 bytes >>>>>>>>>>> 14907920 packets output, 13057288946 bytes >>>>>>>>>>> 760415 packets dropped >>>>>>>>>>> 1 minute input rate 0 pkts/sec, 0 bytes/sec >>>>>>>>>>> 1 minute output rate 8 pkts/sec, 464 bytes/sec >>>>>>>>>>> 1 minute drop rate, 0 pkts/sec >>>>>>>>>>> 5 minute input rate 0 pkts/sec, 2 bytes/sec >>>>>>>>>>> 5 minute output rate 22 pkts/sec, 1297 bytes/sec >>>>>>>>>>> 5 minute drop rate, 0 pkts/sec >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> config on the outside interface is >>>>>>>>>>> >>>>>>>>>>> interface Vlan2 (eth0/0) >>>>>>>>>>> nameif outside >>>>>>>>>>> security-level 0 >>>>>>>>>>> ip address dhcp setroute >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> my outside interface picks up or still has the dhcpd binding >>>>>>>>>>> from the isp and the outside svi vlan 2 pings from the asa ok... >>>>>>>>>>> >>>>>>>>>>> been getting tired of reloading recently, so decided to shut the >>>>>>>>>>> vlan 2 svi down and take the dhcp config off & re-applied this >>>>>>>>>>> and it seemed to let me ping the default gateway again... >>>>>>>>>>> >>>>>>>>>>> google dns 8.8.8.8 pings ok now, but xlates were showing 0 when >>>>>>>>>>> attempting to connect from various devices and in the end had to reload the asa again. >>>>>>>>>>> >>>>>>>>>>> apologies for this long mail, any suggestions on what im doing >>>>>>>>>>> wrong >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Blogs and organic groups at http://www.ccie.net >>>>>>>>>>> >>>>>>>>>>> ________________________________________________________________ >>>>>>>>>>> _______ Subscription information may be found at: >>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Virtualization.net >>>>>>>>>>> Post Jobs, News, Forums, Tutorials http://www.virtualization.net >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Blogs and organic groups at http://www.ccie.net >>>>>>>>>> >>>>>>>>>> _______________________________________________________________________ >>>>>>>>>> Subscription information may be found at: >>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html >>>>>>>> >>>>>>>> >>>>>>>> Blogs and organic groups at http://www.ccie.net >>>>>>>> >>>>>>>> _______________________________________________________________________ >>>>>>>> Subscription information may be found at: >>>>>>>> http://www.groupstudy.com/list/CCIELab.html >>>> >>>> >>>> Blogs and organic groups at http://www.ccie.net >>>> >>>> _______________________________________________________________________ >>>> Subscription information may be found at: >>>> http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.netReceived on Mon Oct 08 2012 - 22:59:34 ART
This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART