ASA 5505 Outside problem



Hi,
I have configured a new 5505 ASA with Security Plus licence.
I have a poblem: after some hours outside interface stop responding and the
VPN go down.
In this state i can't ping my gateway. The inside interfae work well.
With show interface I haven't any error.
I've tried to fix speed to 100 Half on switch port and ASA port but the
problem is the same.
I have't this problem an any other ASA in my company's site.
I've changed this devices with an equal devices and the problem is the same.
I suppose that isn't a configuration problem because other ASA works well.
There are some output when the ASA s in "locked" state:

ASA# sh int e0/0
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Half-Duplex(Half-duplex), 100 Mbps(100 Mbps)
Available but not configured via nameif
MAC address 0024.14ef.2a6a, MTU not set
IP address unassigned
2176 packets input, 305804 bytes, 0 no buffer
Received 90 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
5 switch ingress policy drops
1702 packets output, 224296 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops

ASA# s int vlan2
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
Description: ToISP
MAC address 0024.14ef.2a72, MTU 1500
IP address xx.xx.xxx.xxx, subnet mask 255.255.255.240
Traffic Statistics for "outside":
1802 packets input, 195826 bytes
1702 packets output, 193624 bytes
19 packets dropped
1 minute input rate 0 pkts/sec, 1 bytes/sec
1 minute output rate 0 pkts/sec, 15 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 1 bytes/sec
5 minute output rate 0 pkts/sec, 3 bytes/sec
5 minute drop rate, 0 pkts/sec

ASA# sh ver

Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)

ASA up 1 hour 20 mins

Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision
0x0)
Boot microcode : ?CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ?CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : ?CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0 : address is 0024.14ef.2a72, irq 11
1: Ext: Ethernet0/0 : address is 0024.14ef.2a6a, irq 255
2: Ext: Ethernet0/1 : address is 0024.14ef.2a6b, irq 255
3: Ext: Ethernet0/2 : address is 0024.14ef.2a6c, irq 255
4: Ext: Ethernet0/3 : address is 0024.14ef.2a6d, irq 255
5: Ext: Ethernet0/4 : address is 0024.14ef.2a6e, irq 255
6: Ext: Ethernet0/5 : address is 0024.14ef.2a6f, irq 255
7: Ext: Ethernet0/6 : address is 0024.14ef.2a70, irq 255
8: Ext: Ethernet0/7 : address is 0024.14ef.2a71, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 20, DMZ Unrestricted
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 25
WebVPN Peers : 2
Dual ISPs : Enabled
VLAN Trunk Ports : 8

This platform has an ASA 5505 Security Plus license.

Thanks for any help


.



Relevant Pages

  • Re: [fw-wiz] Interface Errors on a Cisco ASA 5520
    ... Under a high input pkt rate, if the ASA rules are deny'ing many pits AND it is syslogging each deny - particularly if it has multiple syslog servers - could put an ASA under stress. ... Interface GigabitEthernet0/0 "outside", is up, line protocol is up ... 54815945 packets output, 14582208506 bytes, 0 underruns ... minute input rate 3482 pkts/sec, ...
    (Firewall-Wizards)
  • Re: ASA 5505 Outside problem
    ... Try setting the outside interface to 100/full. ... If the uplink the ASA ... 1702 packets output, 224296 bytes, 0 underruns ... minute output rate 0 pkts/sec, ...
    (comp.dcom.sys.cisco)
  • Re: VPN IP Addressing Problem
    ... to the inside interface of the Router. ... can use the ASA interface for both the PAT and the VPN address, ... Can I just VPN to the public IP that is NATed to the ...
    (comp.dcom.sys.cisco)
  • Re: VPN IP Addressing Problem
    ... to the inside interface of the Router. ... that same subnet is already being used for my mail server (static NAT). ... can use the ASA interface for both the PAT and the VPN address, ... Can I just VPN to the public IP that is NATed to the LAN ...
    (comp.dcom.sys.cisco)
  • Re: VPN IP Addressing Problem
    ... If I took the public IP I am using for PAT and applied it to the ... to the inside interface of the Router. ... can use the ASA interface for both the PAT and the VPN address, ... Can I just VPN to the public IP that is NATed to the LAN ...
    (comp.dcom.sys.cisco)