ASA 5505 Outside problem

Hi, I have configured a new 5505 ASA with Security Plus licence. I have a poblem: after some hours outside interface stop responding and the VPN go down. In this state i can't ping my gateway. The inside interfae work well. With show interface I haven't any error. I've tried to fix speed to 100 Half on switch port and ASA port but the problem is the same. I have't this problem an any other ASA in my company's site. I've changed this devices with an equal devices and the problem is the same. I suppose that isn't a configuration problem because other ASA works well. There are some output when the ASA s in "locked" state:

ASA# sh int e0/0 Interface Ethernet0/0 "", is up, line protocol is up Hardware is 88E6095, BW 100 Mbps Half-Duplex(Half-duplex), 100 Mbps(100 Mbps) Available but not configured via nameif MAC address 0024.14ef.2a6a, MTU not set IP address unassigned 2176 packets input, 305804 bytes, 0 no buffer Received 90 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 L2 decode drops 5 switch ingress policy drops 1702 packets output, 224296 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 0 lost carrier, 0 no carrier 0 rate limit drops 0 switch egress policy drops

ASA# s int vlan2 Interface Vlan2 "outside", is up, line protocol is up Hardware is EtherSVI Description: ToISP MAC address 0024.14ef.2a72, MTU 1500 IP address xx.xx.xxx.xxx, subnet mask 255.255.255.240 Traffic Statistics for "outside": 1802 packets input, 195826 bytes 1702 packets output, 193624 bytes 19 packets dropped 1 minute input rate 0 pkts/sec, 1 bytes/sec 1 minute output rate 0 pkts/sec, 15 bytes/sec 1 minute drop rate, 0 pkts/sec 5 minute input rate 0 pkts/sec, 1 bytes/sec 5 minute output rate 0 pkts/sec, 3 bytes/sec 5 minute drop rate, 0 pkts/sec

ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(4) Device Manager Version 5.2(4)

ASA up 1 hour 20 mins

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz Internal ATA Compact Flash, 128MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision

0x0) Boot microcode : ?CNlite-MC-Boot-Cisco-1.2 SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03 IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.05 0: Int: Internal-Data0/0 : address is 0024.14ef.2a72, irq 11 1: Ext: Ethernet0/0 : address is 0024.14ef.2a6a, irq 255 2: Ext: Ethernet0/1 : address is 0024.14ef.2a6b, irq 255 3: Ext: Ethernet0/2 : address is 0024.14ef.2a6c, irq 255 4: Ext: Ethernet0/3 : address is 0024.14ef.2a6d, irq 255 5: Ext: Ethernet0/4 : address is 0024.14ef.2a6e, irq 255 6: Ext: Ethernet0/5 : address is 0024.14ef.2a6f, irq 255 7: Ext: Ethernet0/6 : address is 0024.14ef.2a70, irq 255 8: Ext: Ethernet0/7 : address is 0024.14ef.2a71, irq 255 9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255 10: Int: Not used : irq 255 11: Int: Not used : irq 255

Licensed features for this platform: Maximum Physical Interfaces : 8 VLANs : 20, DMZ Unrestricted Inside Hosts : Unlimited Failover : Active/Standby VPN-DES : Enabled VPN-3DES-AES : Enabled VPN Peers : 25 WebVPN Peers : 2 Dual ISPs : Enabled VLAN Trunk Ports : 8

This platform has an ASA 5505 Security Plus license.

Thanks for any help

Reply to
Dario
Loading thread data ...

Could it be a problem of the device connected to the ASA? Maybe it could be a switch with a blocked port or stuffs like that.

Reply to
Chino

Try setting the outside interface to 100/full. If the uplink the ASA is connected to is hardcoded to 100/full the ASA may be incorrectly negotiating to 100/half

Reply to
TedZ

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.