Hi, I have configured a new 5505 ASA with Security Plus licence. I have a poblem: after some hours outside interface stop responding and the VPN go down. In this state i can't ping my gateway. The inside interfae work well. With show interface I haven't any error. I've tried to fix speed to 100 Half on switch port and ASA port but the problem is the same. I have't this problem an any other ASA in my company's site. I've changed this devices with an equal devices and the problem is the same. I suppose that isn't a configuration problem because other ASA works well. There are some output when the ASA s in "locked" state:
ASA# sh int e0/0 Interface Ethernet0/0 "", is up, line protocol is up Hardware is 88E6095, BW 100 Mbps Half-Duplex(Half-duplex), 100 Mbps(100 Mbps) Available but not configured via nameif MAC address 0024.14ef.2a6a, MTU not set IP address unassigned 2176 packets input, 305804 bytes, 0 no buffer Received 90 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 L2 decode drops 5 switch ingress policy drops 1702 packets output, 224296 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 0 lost carrier, 0 no carrier 0 rate limit drops 0 switch egress policy drops
ASA# s int vlan2 Interface Vlan2 "outside", is up, line protocol is up Hardware is EtherSVI Description: ToISP MAC address 0024.14ef.2a72, MTU 1500 IP address xx.xx.xxx.xxx, subnet mask 255.255.255.240 Traffic Statistics for "outside": 1802 packets input, 195826 bytes 1702 packets output, 193624 bytes 19 packets dropped 1 minute input rate 0 pkts/sec, 1 bytes/sec 1 minute output rate 0 pkts/sec, 15 bytes/sec 1 minute drop rate, 0 pkts/sec 5 minute input rate 0 pkts/sec, 1 bytes/sec 5 minute output rate 0 pkts/sec, 3 bytes/sec 5 minute drop rate, 0 pkts/sec
ASA# sh ver
Cisco Adaptive Security Appliance Software Version 7.2(4) Device Manager Version 5.2(4)
ASA up 1 hour 20 mins
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz Internal ATA Compact Flash, 128MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision
0x0) Boot microcode : ?CNlite-MC-Boot-Cisco-1.2 SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03 IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.05 0: Int: Internal-Data0/0 : address is 0024.14ef.2a72, irq 11 1: Ext: Ethernet0/0 : address is 0024.14ef.2a6a, irq 255 2: Ext: Ethernet0/1 : address is 0024.14ef.2a6b, irq 255 3: Ext: Ethernet0/2 : address is 0024.14ef.2a6c, irq 255 4: Ext: Ethernet0/3 : address is 0024.14ef.2a6d, irq 255 5: Ext: Ethernet0/4 : address is 0024.14ef.2a6e, irq 255 6: Ext: Ethernet0/5 : address is 0024.14ef.2a6f, irq 255 7: Ext: Ethernet0/6 : address is 0024.14ef.2a70, irq 255 8: Ext: Ethernet0/7 : address is 0024.14ef.2a71, irq 255 9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255 10: Int: Not used : irq 255 11: Int: Not used : irq 255Licensed features for this platform: Maximum Physical Interfaces : 8 VLANs : 20, DMZ Unrestricted Inside Hosts : Unlimited Failover : Active/Standby VPN-DES : Enabled VPN-3DES-AES : Enabled VPN Peers : 25 WebVPN Peers : 2 Dual ISPs : Enabled VLAN Trunk Ports : 8
This platform has an ASA 5505 Security Plus license.
Thanks for any help