ASA 5505 Outside problem

Hi, I have configured a new 5505 ASA with Security Plus licence. I have a poblem: after some hours outside interface stop responding and the VPN go down. In this state i can't ping my gateway. The inside interfae work well. With show interface I haven't any error. I've tried to fix speed to 100 Half on switch port and ASA port but the problem is the same. I have't this problem an any other ASA in my company's site. I've changed this devices with an equal devices and the problem is the same. I suppose that isn't a configuration problem because other ASA works well. There are some output when the ASA s in "locked" state:

ASA# sh int e0/0 Interface Ethernet0/0 "", is up, line protocol is up Hardware is 88E6095, BW 100 Mbps Half-Duplex(Half-duplex), 100 Mbps(100 Mbps) Available but not configured via nameif MAC address 0024.14ef.2a6a, MTU not set IP address unassigned 2176 packets input, 305804 bytes, 0 no buffer Received 90 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 L2 decode drops 5 switch ingress policy drops 1702 packets output, 224296 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 0 lost carrier, 0 no carrier 0 rate limit drops 0 switch egress policy drops

ASA# s int vlan2 Interface Vlan2 "outside", is up, line protocol is up Hardware is EtherSVI Description: ToISP MAC address 0024.14ef.2a72, MTU 1500 IP address, subnet mask Traffic Statistics for "outside": 1802 packets input, 195826 bytes 1702 packets output, 193624 bytes 19 packets dropped 1 minute input rate 0 pkts/sec, 1 bytes/sec 1 minute output rate 0 pkts/sec, 15 bytes/sec 1 minute drop rate, 0 pkts/sec 5 minute input rate 0 pkts/sec, 1 bytes/sec 5 minute output rate 0 pkts/sec, 3 bytes/sec 5 minute drop rate, 0 pkts/sec

ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(4) Device Manager Version 5.2(4)

ASA up 1 hour 20 mins

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz Internal ATA Compact Flash, 128MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision

0x0) Boot microcode : ?CNlite-MC-Boot-Cisco-1.2 SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03 IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.05 0: Int: Internal-Data0/0 : address is 0024.14ef.2a72, irq 11 1: Ext: Ethernet0/0 : address is 0024.14ef.2a6a, irq 255 2: Ext: Ethernet0/1 : address is 0024.14ef.2a6b, irq 255 3: Ext: Ethernet0/2 : address is 0024.14ef.2a6c, irq 255 4: Ext: Ethernet0/3 : address is 0024.14ef.2a6d, irq 255 5: Ext: Ethernet0/4 : address is 0024.14ef.2a6e, irq 255 6: Ext: Ethernet0/5 : address is 0024.14ef.2a6f, irq 255 7: Ext: Ethernet0/6 : address is 0024.14ef.2a70, irq 255 8: Ext: Ethernet0/7 : address is 0024.14ef.2a71, irq 255 9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255 10: Int: Not used : irq 255 11: Int: Not used : irq 255

Licensed features for this platform: Maximum Physical Interfaces : 8 VLANs : 20, DMZ Unrestricted Inside Hosts : Unlimited Failover : Active/Standby VPN-DES : Enabled VPN-3DES-AES : Enabled VPN Peers : 25 WebVPN Peers : 2 Dual ISPs : Enabled VLAN Trunk Ports : 8

This platform has an ASA 5505 Security Plus license.

Thanks for any help

Reply to
Loading thread data ...

Could it be a problem of the device connected to the ASA? Maybe it could be a switch with a blocked port or stuffs like that.

Reply to

Try setting the outside interface to 100/full. If the uplink the ASA is connected to is hardcoded to 100/full the ASA may be incorrectly negotiating to 100/half

Reply to
TedZ Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.