Re: ASA problem from Tony Singh on 2012-11-11 (Ccielab archives 11/2012)

From: Tony Singh <mothafungla_at_gmail.com>
Date: Sun, 11 Nov 2012 23:04:30 +0000
Ok it happened again on new f/w
I.e ping to default gateway fails
Fixed without reload with
Conf t
Int vlan 2
No ip address dhcp setroute
Ip address dhcp setroute
Any one had the same
--
BR
Tony
Sent from my iPad
On 8 Oct 2012, at 22:59, Tony Singh <mothafungla_at_gmail.com> wrote:
> Updated to 8.4.4.1 & no lockups since!
> 
> Thanks Ryan /Joe/all
> 
> I'm hoping I'll have an uptime of 5 years now, wishful thinking :/
> 
> --
> BR
> 
> Tony
> 
> Sent from my iPhone on 3
> 
> On 27 Sep 2012, at 15:53, Tony Singh <mothafungla_at_gmail.com> wrote:
> 
>> It's the image it shipped with but hear you.
>> 
>> Thanks for the advice.
>> 
>> --
>> BR
>> 
>> Tony
>> 
>> Sent from my iPhone on 3
>> 
>> On 27 Sep 2012, at 15:45, Ryan West <rwest_at_zyedge.com> wrote:
>> 
>>> I've had the best luck with 8.2(5)26 or 29.  Since you're already in NAT hell, I would run 8.4.4.1.  Running first release new train code is just asking for trouble IMO. 
>>> 
>>> Sent from handheld
>>> 
>>> On Sep 27, 2012, at 10:06 AM, "Tony Singh" <mothafungla_at_gmail.com> wrote:
>>> 
>>>> Here's my hunch it seems to happen when I'm on my laptop with a lot of tcp sessions i.e tabs on chrome...
>>>> 
>>>> Same kind of thing used to happen on other vender all in one wifi routers...until upgrading to code that fixed the issues so I hear you...
>>>> 
>>>> Ryan my eyes are hurting with that list wa wa we wa (borat)
>>>> 
>>>> What do you guys recommend as a stable code /if
>>>> 
>>>> Thanks both for the help
>>>> 
>>>> --
>>>> BR
>>>> 
>>>> Tony
>>>> 
>>>> Sent from my iPhone on 3
>>>> 
>>>> On 27 Sep 2012, at 14:48, Ryan West <rwest_at_zyedge.com> wrote:
>>>> 
>>>>> I would agree with Joe here.  Here is the 8.4 caveat list:
>>>>> 
>>>>> http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html#wp536788
>>>>> 
>>>>> -ryan
>>>>> 
>>>>> -----Original Message-----
>>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Joe Sanchez
>>>>> Sent: Thursday, September 27, 2012 9:44 AM
>>>>> To: Tony Singh
>>>>> Cc: Jay McMickle; Haroon; Ciscocertification
>>>>> Subject: Re: ASA problem
>>>>> 
>>>>> I've had to upgrade many ASA's even with 2gb ram, with the latest code because of issues with ASA lockups/reboots it doesn't matter which platform other then the 5585x they have been solid. These ASA were running the 8.3 and I believe 1 might have been 8.42?  Several issues that Cisco tries to fix with releases that did solve the original issues but caused other issues to raise there heads.
>>>>> 
>>>>> Regards,
>>>>> Joe Sanchez
>>>>> 
>>>>> ( please excuse the brevity of this email as it was sent via a mobile device.  Please excuse misspelled words or sentence structure.) 
>>>>> 
>>>>> On Sep 27, 2012, at 8:36 AM, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>>> 
>>>>>> Will check next time it happens as Haroon suggested to see if default 
>>>>>> route is still present, was last time but might be worth some further 
>>>>>> debugging and will report back, doesn't seem a common issue at this 
>>>>>> code maybe :/
>>>>>> 
>>>>>> --
>>>>>> BR
>>>>>> 
>>>>>> Tony
>>>>>> 
>>>>>> Sent from my iPhone on 3
>>>>>> 
>>>>>> On 27 Sep 2012, at 14:32, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>>>> 
>>>>>>> Sorry Joe meant latter as in RAM is 512k in reply to Jay (free memory 
>>>>>>> when unit locked up showed ample free anyhow)
>>>>>>> 
>>>>>>> Code running is 8.4.1 (post pix cli era I believe)
>>>>>>> 
>>>>>>> --
>>>>>>> BR
>>>>>>> 
>>>>>>> Tony
>>>>>>> 
>>>>>>> Sent from my iPhone on 3
>>>>>>> 
>>>>>>> On 27 Sep 2012, at 13:23, Joe Sanchez <marco207p_at_gmail.com> wrote:
>>>>>>> 
>>>>>>>> I recall lots of bugs in the 8.3 code .  Mostly the ASA would lock up and reboot on occasions .  Have you tried to upgrade? 
>>>>>>>> 
>>>>>>>> Regards,
>>>>>>>> Joe Sanchez
>>>>>>>> 
>>>>>>>> ( please excuse the brevity of this email as it was sent via a 
>>>>>>>> mobile device.  Please excuse misspelled words or sentence 
>>>>>>>> structure.)
>>>>>>>> 
>>>>>>>> On Sep 27, 2012, at 1:34 AM, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>>>>>> 
>>>>>>>>> Hi Jay
>>>>>>>>> 
>>>>>>>>> Thanks for reply yes it is the latter.
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> BR
>>>>>>>>> 
>>>>>>>>> Sent from my iPhone on 3
>>>>>>>>> 
>>>>>>>>> On 27 Sep 2012, at 02:02, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
>>>>>>>>> 
>>>>>>>>>> Tony- how much RAM is in your 5505? If 256 (standard on old ones), this could be your issue with 8.3+ IOS.
>>>>>>>>>> 
>>>>>>>>>> If 512, disregard.
>>>>>>>>>> 
>>>>>>>>>> Regards,
>>>>>>>>>> Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design) Sent 
>>>>>>>>>> from my iPhone
>>>>>>>>>> 
>>>>>>>>>> On Sep 26, 2012, at 2:40 PM, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>>>>>>>> 
>>>>>>>>>>> Hi Haroon
>>>>>>>>>>> 
>>>>>>>>>>> Next time it goes down will attempt your suggestion although it 
>>>>>>>>>>> did have the gateway of the last resort in the routing table :/
>>>>>>>>>>> 
>>>>>>>>>>> --
>>>>>>>>>>> BR
>>>>>>>>>>> 
>>>>>>>>>>> Sent from my iPhone on 3
>>>>>>>>>>> 
>>>>>>>>>>> On 26 Sep 2012, at 20:27, Haroon <itguy.pro_at_gmail.com> wrote:
>>>>>>>>>>> 
>>>>>>>>>>>> what if you hard code default gateway?
>>>>>>>>>>>> 
>>>>>>>>>>>> route outside 0.0.0.0 0.0.0.0 isp
>>>>>>>>>>>> 
>>>>>>>>>>>> On Wed, Sep 26, 2012 at 1:27 PM, Tony Singh <mothafungla_at_gmail.com> wrote:
>>>>>>>>>>>> Good Evening List,
>>>>>>>>>>>> 
>>>>>>>>>>>> I have an issue with my ASA 5505 recently seems to be locking up 
>>>>>>>>>>>> and end-result is no default gateway access to my isp router and 
>>>>>>>>>>>> bump no internet!
>>>>>>>>>>>> 
>>>>>>>>>>>> Its running Version 8.4(1)  & is a base license...
>>>>>>>>>>>> 
>>>>>>>>>>>> Now some t-shooting has got me no where, no top cpu-usage 
>>>>>>>>>>>> processes, enough free memory , asdm logs when it goes down 
>>>>>>>>>>>> nothing unusual but the usual pat translations with tcp flags i.e syn timeout etc etc..
>>>>>>>>>>>> 
>>>>>>>>>>>> translations showed...
>>>>>>>>>>>> 
>>>>>>>>>>>> *ciscoasa# show xlate count *
>>>>>>>>>>>> 323 in use, 583 most used
>>>>>>>>>>>> 
>>>>>>>>>>>> tried clearing this - no good still could not ping my default gateway.....
>>>>>>>>>>>> 
>>>>>>>>>>>> an arp showed that I could see the default gateway address 
>>>>>>>>>>>> (although admittedly did not try clearing this to see if it did 
>>>>>>>>>>>> the arp translation again)
>>>>>>>>>>>> 
>>>>>>>>>>>> input packets from isp were stuck here, but might be down to above...
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is 
>>>>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY 
>>>>>>>>>>>> 100 usec
>>>>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500
>>>>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic 
>>>>>>>>>>>> Statistics for "outside":
>>>>>>>>>>>> *9747366 packets input*, 1919996429 bytes
>>>>>>>>>>>> 14907915 packets output, 13057288639 bytes
>>>>>>>>>>>> 760415 packets dropped
>>>>>>>>>>>> 1 minute input rate 0 pkts/sec,  0 bytes/sec
>>>>>>>>>>>> 1 minute output rate 8 pkts/sec,  464 bytes/sec
>>>>>>>>>>>> 1 minute drop rate, 0 pkts/sec
>>>>>>>>>>>> 5 minute input rate 0 pkts/sec,  2 bytes/sec
>>>>>>>>>>>> 5 minute output rate 22 pkts/sec,  1297 bytes/sec
>>>>>>>>>>>> 5 minute drop rate, 0 pkts/sec
>>>>>>>>>>>> 
>>>>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is 
>>>>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY 
>>>>>>>>>>>> 100 usec
>>>>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500
>>>>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic 
>>>>>>>>>>>> Statistics for "outside":
>>>>>>>>>>>> *9747366 packets input*, 1919996429 bytes
>>>>>>>>>>>> 14907919 packets output, 13057288877 bytes
>>>>>>>>>>>> 760415 packets dropped
>>>>>>>>>>>> 1 minute input rate 0 pkts/sec,  0 bytes/sec
>>>>>>>>>>>> 1 minute output rate 8 pkts/sec,  464 bytes/sec
>>>>>>>>>>>> 1 minute drop rate, 0 pkts/sec
>>>>>>>>>>>> 5 minute input rate 0 pkts/sec,  2 bytes/sec
>>>>>>>>>>>> 5 minute output rate 22 pkts/sec,  1297 bytes/sec
>>>>>>>>>>>> 5 minute drop rate, 0 pkts/sec
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> ciscoasa(config-if)# sh int Vlan2 Interface Vlan2 "outside", is 
>>>>>>>>>>>> up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY 
>>>>>>>>>>>> 100 usec
>>>>>>>>>>>> MAC address 001e.4a87.44ab, MTU 1500
>>>>>>>>>>>> IP address x.x.x.x, subnet mask 255.255.254.0 Traffic 
>>>>>>>>>>>> Statistics for "outside":
>>>>>>>>>>>> *9747366 packets input*, 1919996429 bytes
>>>>>>>>>>>> 14907920 packets output, 13057288946 bytes
>>>>>>>>>>>> 760415 packets dropped
>>>>>>>>>>>> 1 minute input rate 0 pkts/sec,  0 bytes/sec
>>>>>>>>>>>> 1 minute output rate 8 pkts/sec,  464 bytes/sec
>>>>>>>>>>>> 1 minute drop rate, 0 pkts/sec
>>>>>>>>>>>> 5 minute input rate 0 pkts/sec,  2 bytes/sec
>>>>>>>>>>>> 5 minute output rate 22 pkts/sec,  1297 bytes/sec
>>>>>>>>>>>> 5 minute drop rate, 0 pkts/sec
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> config on the outside interface is
>>>>>>>>>>>> 
>>>>>>>>>>>> interface Vlan2 (eth0/0)
>>>>>>>>>>>> nameif outside
>>>>>>>>>>>> security-level 0
>>>>>>>>>>>> ip address dhcp setroute
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> my outside interface picks up or still has the dhcpd binding 
>>>>>>>>>>>> from the isp and the outside svi vlan 2 pings from the asa ok...
>>>>>>>>>>>> 
>>>>>>>>>>>> been getting tired of reloading recently, so decided to shut the 
>>>>>>>>>>>> vlan 2 svi down and take the dhcp config off & re-applied this 
>>>>>>>>>>>> and it seemed to let me ping the default gateway again...
>>>>>>>>>>>> 
>>>>>>>>>>>> google dns 8.8.8.8 pings ok now, but xlates were showing 0 when 
>>>>>>>>>>>> attempting to connect from various devices and in the end had to reload the asa again.
>>>>>>>>>>>> 
>>>>>>>>>>>> apologies for this long mail, any suggestions on what im doing 
>>>>>>>>>>>> wrong
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>>> 
>>>>>>>>>>>> ________________________________________________________________
>>>>>>>>>>>> _______ Subscription information may be found at:
>>>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> --
>>>>>>>>>>>> Virtualization.net
>>>>>>>>>>>> Post Jobs, News, Forums, Tutorials http://www.virtualization.net
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>>> 
>>>>>>>>>>> _______________________________________________________________________
>>>>>>>>>>> Subscription information may be found at: 
>>>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>> 
>>>>>>>>> _______________________________________________________________________
>>>>>>>>> Subscription information may be found at: 
>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>> 
>>>>> 
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>> 
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at: 
>>>>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Nov 11 2012 - 23:04:30 ART
This archive was generated by hypermail 2.2.0 : Sat Dec 01 2012 - 07:27:50 ART