Cisco Firewall :: ASA 5510 / Dropped Packets In VPN AnyConnect Connections?

Dec 5, 2012

Our Cisco ASA 5510 running 8.4(4)1 just started dropping packets and our AnyConnect clients are seeing horrible performance.  The system is extremely slow compared to just a couple days ago.Nothing has changed on the system.  I can post the configs if needed.
 
firewall# sho int
Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
    Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
    Input flow control is unsupported, output flow control is off
    Description: == WAN Interface ==

[code]....
 
I have done a "sho vpn-sessiondb detail svc" and I can see the dropped packets of the individual users, but cannot see why the packets are still dropping.how I can correct this and restore speeds?

View 1 Replies


ADVERTISEMENT

Cisco VPN :: ASA 5510 - Client Connections Getting Dropped

Mar 30, 2011

I have some remote locations that connect to my ASA 5510 cluster (Aktive/Passive) using the Cisco VPN Client, from which the connection gets disconnected at random intervals (could be 5 minutes, but sometimes after 15 minutes). However, some other remote locations do not have this problem. All locations have the same VPN client configuration (distrubited by pcf file).

I already disabled isakmp keepalive on the ASA but this did not work. If I read it correctly, the Cisco vpn client logging shows that the ASA initiates the ending of the connection.
 
Code...

View 2 Replies View Related

Cisco Firewall :: 6509 - FWSM With Packets Dropped

Jun 9, 2013

I happen to noticed the FWSM was dropping packets at about 387 packets every 5 minutes. My outside FWSM is WAN facing and has a 1gig link (35% utilized) my inside facing has about 100 downstream switches to the closets. I do not see my 6509's back plane is being over utilized and my understanding of the FWSM show be go for 5 gig so it isn't oversubscribe. Why i am seeing packets dropped?

[Code] ......

View 2 Replies View Related

Cisco Firewall :: ASA 5510 - VPN Dropped Periodically

Sep 2, 2012

We have one ASA 5510 but we got the error attached periodically for IPSec/SSL VPN connection but i configured timeout connection as none

View 6 Replies View Related

Cisco Wireless :: AP WAP4410N Packets Are Being Dropped

Aug 20, 2012

I am using WAP4410N access point to connect 5 computer to the network.  Recently the wireless network is very bad; pakets are often being droped, very high reply times. I have upgraded to the latest firmware tried to change configuration with no use i even tried the default configuration.  I assumed that there's interference. I tried another AP ( linksys one) and things seems to be okay. what would be the problem with AP?

View 4 Replies View Related

Cisco VPN :: 8.21 / Packets Dropped At Encryption Stage?

Apr 27, 2013

I am truly struggling with the changes after 8.21. I am trying to get a VPN up between two sites. This is the B end, I am sure there are a bunch of problems in the other end too. Eg. the tunnel NAT does not have the right priority 1.when I establish the tunnel I get this:

3    Sep 01 2008    11:23:37  Tunnel Manager has failed to establish an L2L SA.  All configured IKE versions failed to establish the tunnel. Map Tag= outside_map.  Map Sequence Number = 1. 
# packet-tracer input inside tcp 10.2.32.11 80 10.1.1.10 80
 Phase: 1
Type: ACCESS-LIST
Subtype:

[code]....

View 1 Replies View Related

D-Link DIR-615 :: Wireless Stats Showing TX Packets Dropped

Jan 27, 2012

I notice that I have TX Packets Dropped only under the wireless section.This occurs when the wireless network is not in use also.I have tried many different channels, almost all of them.Im using wpa2-tkip+aes, mixed g and n network, auto 20/40, wps disabled.I understand about wireless interference also.wireless devices dont seem to have any issues though, not dropping from network.I usually get 4000 wireless TX drops a day. LAN and WAN show No TX drops

View 11 Replies View Related

Cisco Switching/Routing :: C3825 ISR IP Inspect Dropped Packets?

Oct 31, 2011

i am wanting to log dropped and oop packets on a c3825 isr with ios12.3(11)T3.  on other routers(like a 2951 running 151-4.M2)i can state ip inspect log drop-pkt and it will log to buffer or syslog all dropped and oop packets.  can i do this on this 3825 another way

View 1 Replies View Related

Cisco Switching/Routing :: NetFlow / 6500 / Export Packets Were Dropped Due To No Fib?

Mar 13, 2012

I have a problem with the 6500 not exporting netflow data. They are not exported due to no fib.I have read somewhere that this has something to do with VRF. VRF are running on the router.ip flow ingress has been applied to desired ip int.Is there anything I could do to make it export netflow data?
 
VSS-core-XXX-rs1#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       xxx.xxx.83.253 (Unknown)

[code]....

View 7 Replies View Related

Cisco Firewall :: 5510 Inspect SIP Dropping Request Message Packets

Mar 17, 2011

I have 2 ASA 5510 firewalls at 2 different sites. Both running on version 8.0.4. Users are using an Instant Messaging type of application provided by a local telco here which is able to send and receive SMS using SIP (from the packet capture that I've done).
 
When users use the IM in site A, they are able to send and receive text messages via the IM from behind the firewall. However, when the users are in site B, users are able to send out text messages but not able to receive them.
 
I noticed that when I remove "inspect sip" from site-B's global policy map, users from site-B can successfully receive text messages. I have confirmed that it is the firewall that drops the packets as I have captured the inside and outside interfaces of site-B's ASA and I can see the incoming sip "request: MESSAGE" packet on the outside interface but I do not see the packet exiting the inside interface.
 
I have cross check both firewall configurations, and I do not see anything suspicious commands relating to sip that might cause this issue. Is there any command to troubleshoot why the sip inspection is dropping the sip packets on site-B?

View 15 Replies View Related

Cisco Firewall :: 3825 - ASA 5510 And Edge Router Not Altering SIP Packets

Oct 2, 2012

My SIP provider is not convinced that my ASA  and Edge Router is not altering the SIP packets.  On the ASA I've removed the inspect SIP, and H323, what else needs to be done to make the firewall not mess with the SIP Traffic.
 
Packets are flowing in/out. 
 
access-list hbg-outside-198_access_in extended permit udp host <SIP HOST> object sfipoffice_o eq sip
access-list hbg-outside-198_access_in extended permit udp any object hbgipoffice_o gt 49152
access-list hbg-outside-198_access_in extended permit udp any object hbgipoffice_o lt 53246
  
Here are my Policy Maps.
 
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map type inspect dns migrated_dns_map_1
parameters
  message-length maximum client auto

[code]...

On the 3825 Its jsut a pretty simple config that jsut routes packets form one interface to another, all Public Addresses, so no NAT on it.

View 2 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Traffic Is Being Dropped

Feb 1, 2011

So I have an asa 5505 running ipsec and anyconnect and it has been working great for months. I have not made any changes to the config, but suddenly all of my anyconnect traffic is being dropped. The vpn uses the same subnet as the LAN. I tried putting a rule in to allow all traffic from the LAN subnet on the outside interface. Now I just get the WEBVPN-SVC Action-Drop in packet tracer.

View 1 Replies View Related

Cisco VPN :: ASA 5510 - VPN AnyConnect No Ping IP Firewall

Apr 9, 2012

II have a management network 192.168.5.x and   VPN network 192.168.25.x. I can ping a all my network elements except to firewall (ASA5510). The ASA has the IP 192.168.5.1. I think that the firewall has some restriction but I don't know. I have  8.2 software and any connect 3.0 and work fine. If I am in the management network (192.168.5.7), I can ping to firewall. The restrict is with the VPN  network.

View 4 Replies View Related

Cisco Infrastructure :: High CPU Usage / Dropped Packets - Switch Blade WS-CBS3120X-S

Jun 25, 2012

I have a couple of Switches Blade 3120, working as active-standby model (HSRP) on a new site deployment. There are other 20 sites more or less, working on the same model, without issues. But in this one, we are seeing a high cpu usage. The traffic going through the platform is 600Mbps (on peaks), and in this case we have 40% of CPU usage. Traffic should be close to 3 Gbps. When we tried to send the whole traffic through the platform, active switch began to drop packets on the majority of interfaces.
 
When we analyze the CPU usage, there is a special process called "HL3U bkgrd proce" always have the most CPU use, but we do not know what concerns. We do not know if it is caused because there are PBRs configured. It should not matter. How I mentioned, there are other sites working fine and have had always the same PBR number.
 
What is causing the high usage?. Is there a special debug we could to perform to diagnose the issue?. Also, we have seen a high interrupt CPU usage (9% in this case).  
 
bog-sib-INT-rtr-1#show processes cpu sorted 5sec
CPU utilization for five seconds: 30%/9%; one minute: 25%; five minutes: 23%
PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process

[Code].....

View 3 Replies View Related

Cisco Switching/Routing :: N7000 Details Of Packets Dropped By COPP Policy

Mar 13, 2012

On one of our N7K, we have some packets dropped by the COPP policy in the class-default class-map. Partial results of "show policy-map interface control-plane" not so long after clearing the counters : [code]
 
what traffic is dropped by the policy ? Is there any logging possible ?

View 2 Replies View Related

Cisco Firewall :: FW ASA Fail Ssh Or Telnet Using SSL VPN AnyConnect 5510

Jul 7, 2011

I have a vpn ssl remote access with a fw asa 5510 version 8.02. When users use any connect vpn ssl they in the Lan can access to the servers,but they can not access using ssh or telnet to inside fw asa.

aaa authentication ssh console LOCAL
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30

View 1 Replies View Related

Cisco Firewall :: 5510 - AnyConnect Client Profiles Not Replicating To Standby ASA

Jan 18, 2012

We have 2 ASA 5510's running in a Active/Standby configuration.  It appears that most of the changes we make on the active unit are replicated to the standby unit.  However, there are 3 AnyConnect Client Profiles on the active unit and none of them show up on the standby, the standby has no AnyConnect Profiles.  We also have 1 OnConnect script on the active unit and it does not appear on the standby unit either.
 
I was under the assumption that all config items on the active unit would replicate to the standby.  Is this not correct?  Do I need to do something extra to get everything replicated?  Are there other items that do not replicate? 

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Anyconnect Client Can't Reach Inside Network

Jan 2, 2012

So, I've set up Anyconnect client access to an ASA-5510.
 
I've got a handful of interfaces, which contain hosts that should be accesible to anyconnect clients.  I'm unable to reach addresses on a specific network, due to what packet-tracer claims is an implicit deny, though I'm unsure where to apply an access-list in this case.
 
fw1# show nameif
Interface                Name                     Security
Ethernet0/0.205          SECURE                  90

[Code].....

View 7 Replies View Related

Cisco Firewall :: ASA 5510 With 2 Internet Connections

Apr 5, 2013

Is it possible to have a Cisco ASA5510 with two internet connections performing as follows.

Internet A---------All traffic except LAN to LAN vpn
Internet B---------LAN to LAN vpn

I cant find anything definitive on google to say it will or wont, i know it cant do policy based routing.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Two Internet Connections

Aug 1, 2011

We are in the process of getting two new connections pulled in that I would like to utilize in the following configuration.
  
DS3 - 45/45 I would like to use this circuit for all of our servers to NAT out of as well as our VPN tunnel to our remote site.  It will be much more reliable than our cable line.
  
Cable Internet - 50/10 I would like to use this for all internet traffic that users generate.  I would like to be able to fail over to the DS3 if this line goes down.
  
To get all traffic go out the cable line would take a dynamic NAT rule and a default route.  How would I automate a failover to the DS3 with a backup route and dynamic NAT rule? 
 
I understand that if the DS3 goes down it will take manual intervention to bring the tunnel back up and servers with static NAT will need reconfiguration.

View 1 Replies View Related

Cisco Switching/Routing :: 2960 PoE Connections Are Dropped

Aug 22, 2012

I have cisco WS-C2960S-48FPS-L stacked. Weekly twice, my PoE connections are dropped and when the device is restarted, everything starts working normal. This issue happens weekly once or twice. [code] I can see that there is a bug id : CSCtg86211 and no work around for it. Any updates received from Cisco TAC ?

View 7 Replies View Related

D-link Dir-655 :: Wifi Connections Dropped Periodically

Mar 5, 2011

My DIR-655 drops WiFi connections every few days.  All wired connections are fine.  Rebooting the router fixes the problem at that time.  Cable modem works perfectly fine. [code]

I'm sure I'm missing some devices, but that should give you the general mix of wired/wireless devices that I use.  I'm single with visits from my son every other weekend, so network traffic is not that high at my house.  I've had this router for a couple years now and didn't use to have this problem.  I've been updating the firmware, and I suspect this problem happened after on one those updates.  I just don't know which one.  Also, I didn't use to have any neighbors with Wireless Routers (that I could detect), but recently there have been 2 who have gotten them.  I was hoping this was a problem that D-Link was aware of, but that does not seem to be the case.  I would hate to have to go out and buy a new router (not D-Link).

View 14 Replies View Related

Cisco Firewall :: Teardown TCP Connections With Kaseya Server (ASA 5510)

Sep 12, 2011

normaly the agents has a persistent connection with the kaseya server (monitoring server),The connection  re-established afther the next check-in of the agent, instead of a persistent connection. Now we need to wait to the next check-in before we can connect to the agent. This is a big performance issue, the check-in time of the agents are 3 minutes.I see a lot of the following messages in de syslog:
 
6Sep 12 201120:27:48302013customer site527985721Built inbound TCP connection 5418112 for outside:(customer site)/52798 (customer site/52798) to inside:kaseya server/5721 (outsideIP/5721) 
6Sep 12 201120:29:09302014customer site527985721Teardown TCP connection 5418112 for outside:(customer site)/52798 to inside:kaseya server/5721 duration 0:01:21 bytes 45 TCP FINs 
  
I create a normal static nat rule from the kaseya server to a public ip address, and i define the protocols in de secutiry policy.ICMP has been allowed.cisco asa details:System image file is "disk0:/asa824-k8.bin" This platform has an ASA 5510 Security Plus license.It's look like a connection time-out between the agents and our cisco asa.

View 8 Replies View Related

Dropped Connections With Usb Wifi Card (alfa Awus036h)?

Oct 11, 2011

I am using Windows 7 Home premium SP1 (x86). I can connect fine and after a (seemingly random) amount of time the connection will drop (at least according to windows). I can also easily reconnect without a problem, but it will not pick back up the connection automatically, which is a problem because I use programs that need to access the internet and Often leave large files to download while I'm sleeping or not home. So If I'm not sitting at my computer to manually reconnect, then whatever i'm trying to accomplish doesn't get done.I'm using the ALFA AWUS036H USB wifi adapter. I had previously been running windows XP and this same thing would happen (though, much less often) but when it happened in XP it would automatically reconnect in a few seconds. I downloaded the drivers from ALFA's website incase the ones on disk were not up to date, and I tried both of them (they have a "normal" and "power control driver" option) and the problem remains. Also, I've never used an external wifi adapter before so I'm not sure if its supposed to work this way, but there are 2 "signal strength meters" in the system tray the standard windows one that you can click on and see available networks or go to windows "network and sharing center" and then there is the ALFA one that you can click on and it takes you to the ALFA wireless LAN utility, where you can also get a list of available networks.According to windows there is a problem with the connection, however according to the ALFA wireless LAN utility, the connection is fine (green bars means good connection, red bars means no connection)When clicking on the Windows "signal strength indicator" in the system tray, it shows 1 of 2 different problems (notice the differences that I've highlighted with red boxes). No matter which one happens I can NOT access the internet. Despite the "problems" shown above, the ALFA wireless LAN utility shows that its still connected (while windows is showing a connection problem)To reconnect I switch to the "profile" tab (which is just a list of neworks that i've previously connected to) and double click on the network. In this case it will be Enotria Public.... the same one that (according to the ALFA wireless LAN utility) I'm already connected too After clicking on the network, the ALFA wireless LAN utility "signal indicator" in the system tray will briefly turn red (signaling NO connection) while it "reconnects". Then it will turn back to green, and Windows network manager/signal indicator (whatever you call it) will proceed to reconnect as well. After this happens, all is good and I'm reconnected and can access the internet.

As you can see in pics above the ALFA wireless LAN utility is always connected, and it never drops the connection but even so, the internet will not work when Windows drops the connection. However, When reconnecting I can access the internet BEFORE Windows reconnects. (I still have to reconnect as described above, but after I do so I can access the internet before windows FINISHES reconnecting) The tab shown in this picture was a web page that I loaded BEFORE Windows ever reconnected, and it is a page that I have NEVER viewed before, so its not just loading it from cache.

View 9 Replies View Related

SMCD3GNV Modem / Router Intermittent Dropped Connections

Jul 27, 2012

[code] When the connection is online, the speeds are fine- the issue is the 2-3 times a day when the connection drops off. The error that we are getting is "cannot connect with primary dns server" however in our attempts to restore the connection we have: [code] is there some issues in the area that we are not aware of?

View 3 Replies View Related

Linksys Wireless Router :: WRT110 Connections Still Being Dropped

Jun 13, 2008

I have a WRT110 router (firmware v. 1.0.04) and a PC and an XBox 360 connected to it (both via cable). Every 15-20 minutes the connection is dropped for appr. 1-2 minutes. I tried modifying several router settings, but the connections are still being dropped

View 9 Replies View Related

Dell :: XPS 15 L502x Wi-Fi Link 1000 BGN Dropped Connections

May 31, 2012

I have two XPS 15 (L502x) laptops (purchased in March '12) with Intel Wifi link 1000 BGN adapters.  On a regular basis both laptops lose their connection to the internet (via FIOS), at the same time.  I'm convinced that is not FIOS or my router.  I have a Dell STUDIO 8100, an iPhone and iPad, and these wireless devices do not lose their connections.   Sometimes I'm able to resolve the issue by using "troubleshooting" via the adapter, often restarting the laptop and/or the router is the only way to resolve my problem.  I've run the Dell Support software, it indicates no drivers are available for update, so I assume I'm current.I've read about turning off 802.11n, I've read about problems w/ power management and conflicts with wireless.

View 10 Replies View Related

Cisco Firewall :: ASA 5510 - Dual Internet Connections / Routing DMZ Traffic

May 29, 2012

I am having an issue when implementing an additional internet connection on our ASA 5510. The new connection is "TWCOutside".  I was my understanding that static NAT would force our externally hosted servers (Email, PPTP VPN, and FTP) to continue to utilize the "ATTOutside" connection.  Our remote site-to-site VPN traffic has two static routes configured to force it to continue to use the ATTOutside connection.When I switch the metric on the 0.0.0.0 0.0.0.0 98.103.148.145 route to 1, and change out default dynamic xlate to use "TWCOutside", it "mostly" works as expected.  Email, the PPTP VPN server, and our remote site-to-site VPN server continue to use the ATTOutside connection as designed.  Our end users begin using the new connection for thier internet browsing.
 
However, our FTP server, in the DMZ, completley loses outside access.  It cannot ping to 8.8.8.8, or resolve DNS queries.  The is a static NAT statement for this server, as it is using one of our dedicated public IP addresses.  I need it to continue to do so for the next few weeks.Effectivley, we just want to give our end users internet browsing on the new TWC link, but leave everything else on the old ATT link for the time being.  The only problem I am having is the DMZ connection.  I am currently "rolled back", so no one is using the new connection until I figure this out.  I can easily switch the metric and dynamic PAT back to using the TWC connection, but I need to have some things to try with the DMZ before doing so. [code]

View 2 Replies View Related

Cisco Firewall :: 5510 - Connections Routing Between Two Internal ASAs Fail

May 19, 2012

We have a site with two inbound circuits, one for internet and one for our MPLS.  Each circuit is being terminated by a 2921 Router and matching ASA 5510 Firewall.  For the internal network, the Internet ASA's inside interface (172.16.0.1) is the default gateway for all hosts.  OSPF is the routing protocol between all the routers and ASA's and routing is working.  In fact, ICMP is working as well.  From an inside host (172.16.0.81), we can ping anything on the MPLS network.  But when I try to use telnet (for example), the connection fails.  If I add a route to 10.10.10.0 to the host, or re-configure the host to point to the MPLS ASA (172.16.0.254) as it's default gateway, connections will establish.
  
Both ASAs are running 8.4(3), and have the following commands:
 
same-security-traffic permit intra-interface
interface Ethernet0/0
nameif outside

[Code]....

And from the MPLS nodes, I can see a tcp request is made. 

View 6 Replies View Related

Linksys Wireless Router :: WRT400N - Every 30-45 Minutes All Connections Dropped?

Mar 13, 2011

I have a WRT400N and approximately every 30-45 minutes the router will drop all connections (wired and wireless), all the lights will go out and then power light (far right light) will flash for a minute or so.  I have tried connecting directly to my modem and I have no problems at all.

View 7 Replies View Related

Dell :: Windows 8 / DW1506 And DW1703 Dropped Wireless Connections?

Jun 28, 2013

I'm trying to configure a L3 switch with some vlans. Despite we add a "ip default-gateway", that is displayed on the "show run", when we look "show ip route" there is no default gateway or gateway of last resource.On the show running we see the following:
 
interface vlan 31
ip address 10.221.31.177.255.255.255.0
!
interface vlan 32
ip address 10.221.36.125 255.255.255.240
interface vlan 36
ip address 10.221.36.105 255.255.255.248
ip default-gateway 10.221.36.105
 
One server connected to the vlan 32 is not able to ping the switch svi on vlan 36 (10.221.36.105).When we look the "show ip route" we see that the default gateway is not set.Ip routing is enabled on the switch. I tested the same configuration on my simultator and it works fine.I'm attaching the "show running", "show version", "show protocols" and "show ip routing".The ip routing is enabled on the switch!

View 10 Replies View Related

Severe % Dropped Packets On XP Machine When Windows 7 Machine On Network Not Switch

Aug 2, 2011

I have a strange error on my home network that I cannot find a solution to.I have an Huawei SmartAX MT882 from TalkTalk acting as a modem connected to a D-Link DSL-G624T acting as a router/switch. Connected to the D-Link I have a Windows 7 Pro machine (64-bit, SP1) and an XP (home i think) machine (sp 2 i think).The SmartAX modem is set up to perform DHCP and DNS relaying and the D-Link has DHCP turned off and DNS relay turned off.The Win7 machine can access the network, get an IP address and access the internet without problems, regardless as to the status of the XP machine.The XP machine can access the network, get an IP address and access the internet with no problems ONLY of the win7 is powered up. When the win7 machine is off, the XP machine seems to drop about 25% of the ping packets between it and the D-Link router and has no internet access (because of this i assume). [code]

View 8 Replies View Related

Linksys Wireless Router :: E2500 Incoming Packet Loss And Dropped Connections?

Dec 23, 2011

I've been fighting with my E2500 since I got it back in June with lag, dropped connections, etc. It's a bit intermittent but can hang around for hours at a time when it kicks in. Restarts but the issue always comes back. Most noticeable while gaming online or on a VOIP program such as Team Speak. Generally when it happens If I'm monitoring my Team Speak connection the incoming packet loss shoots up between 20-30%, starting to drop out every other word or so. No out going packet loss. The connection drops are random between computers (I have one mac and one pc in the house) where one will be fine and the other wont, or when the whole system will stay connected and drop all transfer. In the case of this last one it's not my ISP's connection as any streaming happening between one computer and an Apple TV device will also cease. I've also swapped back to my old router (an older model linksys) and all problems have stopped. Fully rebooted and reconfigured the router about 3 or 4 times and am on the latest version of firmware (1.0.003). It was much worse on 1.0.002 but still very noticeable on 003. Also no difference with a different wireless adapter. I've tried the chat technical support but all they did was take 45 minutes to tell me how to reboot my router after telling them I already had.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved