Cisco Firewall :: Pix 501 Dropping Devices From Network?
Nov 18, 2012
Recently I've pulled a PIX 501 out of a closet (having never been used) and configured it for a VPN with my PIX 506e at an offsite location. This offsite location has a PC, Printer, Access Point, and remote VOIP phone. The VPN itself works great, but periodically the PIX just drops some network devices, specifically the Access Point and the Firewall. Both devices stay off until I reboot it (through an SSH connection) they then spring back to life.
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
[Code].....
View 2 Replies
ADVERTISEMENT
Sep 15, 2012
I have a mix of devices that all access the internet via a Deutches Telkom Speedport W 723v my windows devices, HTC phone and even the iPad 2 never have a problem, but my Macbook Pro (Unibody Late 2008 model) and my iMac (Probably 2007 / 2008) keep having a problem with the network dropping out. To fix it I have to switch off Airport and switch it back on again and it re-connects straight away.The Mac OSX software albeit now rather dated on both devices (The Macbook is 10.5.8) is kept up to date using Software Update.The problem amy also now be affecting my APPLE TV2 it never had a problem before but now I cannot connect to iTunes on my Macbook using Home Sharing it just does not want to connect!!!I did try before going into the Speedport and changing channels from AUTO to channel 1 but that did not resolve it. I am going to do it again and try a different channel but logging onto the Speedport is an absolute pain, I can only login using my Macbook Pro when it is booted into Windows XP and on Ethernet as we had all sorts of problems setting it up and could only do it using IE not SAFARI and now the Speedport login only recognises 1 x PC for logging in, if you try a different device it throws a wobbly and locks up!
View 7 Replies
View Related
Jul 25, 2012
I have recently deployed a wireless network using a WLC 2504 with 21 Light APs. All seems fine except that Apple Devices drop their connections every 15 minutes or so. A couple of minutes later they can reconnect but obviously something is wrong.
View 2 Replies
View Related
Jan 10, 2013
we have a Cisco 2901 as a router on a stick for several vlans. Everything on the segment routes fine and accesses the internet just as they should. The 2901 connects to an ASA5505 on port 0/1. Any host connected to the ASA5505 can access the internet, but can not ping into any of the vlans off of the 2901. The strange thing is on either segement of the network I can ping all of the gateways. What is even more strange is when I run wireshark from behind the firewall going into the 2901 I can not see the packet on another wireshark instance behind the 2901. However if I start a ping for a host host behind the asa I can see the packet in wireshark on the host, which I am trying to ping, hit the gateway.
View 15 Replies
View Related
Sep 10, 2012
I have a 5505 between a vendor router & my company network, vendor is not able to access devices on internal network. I am also not able to access the firewall via asdm
View 10 Replies
View Related
Jan 23, 2012
I have a Cisco ASA 5510 firewall, my problem is that when the first VPN connections is established everything is good. But when that connections is cancel or terminated due to non connectivity. No one can connect to that firewall through that VPN unless that firewall is restarted.
View 1 Replies
View Related
Apr 30, 2013
I am having an issue where the ASA is dropping packets on the vlan interfaces. I have it as a dedicated router/firewall for a 100mb connection .
Vlan1 is the internal networkVlan2 is the network to cable modem
Eth 0/1 is connected to a 2960G switch with hard coded 100mb Full Duplex at each end, this is the inside interface. Eth 0/0 is the connection to the cable modem, this is the outside interface, set at auto at both ends.
Im getting on the vlans eg. 51253 packets dropped however network traffic isnt impacted and everything runs fine, as well as 46532 switch ingress policy drops.
Example;
ciscoasa# sh int vlan1Interface Vlan1 "inside", is up, line protocol is up Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec MAC address 70ca.9b36.ab80, MTU 1500 IP address 10.x.x.x, subnet mask 255.255.255.0 Traffic Statistics for "inside": 43250588
[Code]......
View 1 Replies
View Related
Sep 3, 2012
I have an issue where my customer is only using the ASA as their firewall. When their internal users try to connect to a partner's site using a 3rd party IPSec solution it seems as if the return NAT-T traffic is being dropped. However when looking at the traffic the udp500 communication goes through, but the 4500 traffic hits the outside interface and then gets dropped.
I used the packet tracer command and the output is set to Allow. Also after initiating the vpn connection I see two udp connections (one for 500 and the other for 4500.
I cleared the asp table drop, and didnt see to see anything, I am waiting on the running config, and the customer is running ASA 8.4.
I used the capture tool on both interfaces (inside using the client ip, outside using the interface ip, both destined to the 3rd party vpn Headend). Here are the screeshots for this.
I went ahead and color coded the ip address. Green is the pre-nat inside Red is the destination for the VPN headend, and Blue is the PAT ip going out.
View 10 Replies
View Related
May 15, 2013
I have our main site using a Cisco 5510 running 8.4.2 code and a remote site using a Cisco 5505 running 8.4.2 code. The main site has a T1 and the remote site is using a DSL connection. About every other day I have to reset the connection at the remote site. The process that I have found that works is to remove the nat statement, clear the cry ips sa and then add back the nat statement. The connection usually comes back up and a few minutes. I am trying to see what is causing this to drop.
View 5 Replies
View Related
Jun 23, 2012
I have a Cisco ASA 5505 - 50 VPN edition. I have baffling network issues that I have not been able to pinpoint and I recently started to think it may have something to do with my ASA. I'm a network administrator and I have a Cisco ASA 5505 in my home network so I can learn how to manage Cisco ASA's and utilize the Easy VPN feature so I have a always on VPN connection into work to log into servers, etc. I've been using the ASA for almost 6 months with the EasyVPN feature with no issues. My ISP is Comcast.
Within the last week my connections have been randomly dropping for about 20 seconds and then reconnecting. I have two computers on the network that have a direct ethernet run to the switch ports on the back of the ASA. When the connection drops, I see my LAN icons completely lose connectively (yellow exclamation warning) then after 20 seconds, reconnect. This is very random. I was able to get it to happen every time I connected to XBOX live and play a online game. It would almost on cue drop after 30 minutes of online gamming. Here are the steps I have taken:
1. Replaced 10/100 switch to a brand new 10/100/1000 switch from computer run in my office to the ASA.
no joy
2. I upgraded the ASA to the most recent firmware: ASA Version 8.4, ASDM Version 6.4
no joy
3. I had an ethernet run under my carpet to the office, I started to think that maybe one of the cables had an issue after walking on it and vacumming causing a short. I removed all the ethernet under the carpet and installed power line over ethernet adapter from the ASA to my office.
no joy
4. I checked both computers on the network for viruses. All computers came back clean after scanning wth Malwarebytes and SuperAntispyware.
5. I've watched the logs on the ASA as the LAN connection drops and I don't see error messages to troubleshoot this issue.
The only thing left to replace is the Comcast modem or the Cisco ASA. The Comcast modem is newer and only about 1 year old (rented from Comcast). Since my actual LAN connection drops and I lose connectively I believe there may be some issue with the ASA or the ASA switch ports or some sort of internal hardware issue on the ASA.
View 4 Replies
View Related
Feb 28, 2012
We have a setup with a MS-TMG - ASA (8.2.4(4) in routing mode) - (internal) Router - FWSM - Router - Exchange with NLB. We have now the problem that IMAPS is not really working through this setup. It works from internal (without ASA and TMG inbetween), but not reliably through the internet. There is a rule on the ASA which permits the ports from the TMG to the Exchange NLB address.We opened a case with Microsoft and they told us that not all tcp-syn packets are received by the Exchange server which were sent by the TMG.Thus I sniffed on the ASA with a packet capture and indeed, a lot of syn packets were on the interface to the TMG, but not anymore on the interface to the internal router.This ASA also filters all other internet<->company traffic, so there's a lot of stuff running.
Maybe it's dropped in the ASP, or is the capture maybe not valid?Here the show asp drop:
ASA01-Internet# sh asp drop
Frame drop: Invalid TCP Length (invalid-tcp-hdr-length) 1 Reverse-path verify failed (rpf-violated) 319 Flow is denied by configured rule (acl-drop) 477077 First TCP packet not SYN (tcp-not-syn) 10212 TCP data send after FIN (tcp-data-past-fin) 41 TCP failed 3 way handshake (tcp-3whs-failed) 824 TCP RST/FIN out of order (tcp-rstfin-ooo) 1419 TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff) 6 TCP SYNACK on established conn (tcp-synack-ooo) 1 TCP packet SEQ past window (tcp-seq-past-win) 821 TCP invalid ACK
[code]....
View 9 Replies
View Related
Mar 5, 2012
I've got a problem on 887VAMG router. It drops important connections. As customer wants to have a firewall I created ACL and ip inspect rules ,but the router drops their connections to cloud and some websites are not opening. So I removed ACL and most ip inspect rules just to test if it effects that. And left only ip inspect http urlfilter. But still they have those problems, so I'm really stuck how to configure that firewall. The below some dropping connection review:
%FW-6-DROP_PKT: Dropping tcp session due to RST inside current window with ip ident 13968 tcpflags 0x5014 seq.no 1629693318 ack 1687676045
000049: Mar 6 11:49:21.324: %FW-6-DROP_PKT: Dropping http session <ip>:1766 69.171.242.12:80 with ip ident 26247 tcpflags 0x5018 seq.no 264144210 ack 642133125
000050: Mar 6 11:50:00.774: %FW-6-DROP_PKT: Dropping http session <ip>:4708 69.171.242.12:80 with ip ident 2425 tcpflags 0x5018 seq.no 3819869211 ack 1862176018
000051: Mar 6 11:50:52.515: %FW-6-DROP_PKT: Dropping http session <ip>:2599 173.194.34.90:80 due to RST inside current window with ip ident 22909 tcpflags 0x5014 seq.no 899975979 ack 92642430
[code]....
View 1 Replies
View Related
Aug 21, 2012
I have a Cisco 871 router that used to have Access list based security. now I am trying the ZBFW for the first time. I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused esp with the default class part.
The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QOS once I get it working,
Guest VLAN has access to 2 IP's in Data for printing. Cisco871#sh run
Building configuration...
Current configuration : 8005 bytes
!
version 12.4
no service pad
[Code].....
View 1 Replies
View Related
Jun 23, 2011
6Jun 24 201118:08:44209.85.213.5458623174.141.xx.xx25Deny TCP (no connection) from 209.85.213.54/58623 to 174.141.xx.xx/25 flags RST on interface outside I am getting this error in my asdm logs whenever I try to send an email with an attachment. Regular email go through fine. If I send a 1mb file it seems to go through after several attempts. If I send a 5mb file it might go through anywhere between 4-15 hours. It doesn't matter where I send from. Sometimes it will say ACK or RST ACK on interface instead of RST. The ASA is running 8.3.1 code. I have tried inspect ESMTP and removed it, tried sysopt connection timewait. I am at a loss.
View 1 Replies
View Related
Jul 21, 2012
We have a Cisco ASA 5505 (v7.2(3)) with a "fairly" normal configuration yet we have a problem where it appears UDP/53 traffic is denied on our inside network.
here is output from our sys log:
SyslogID Source IP Dest IP Description
305006 172.18.22.3 portmap translation creation failed for udp src inside:172.18.22.156/42013 dst inside:172.18.22.3/53
To give some clarification:
172.18.22.3 is one of our DNS servers
172.18.22.156 is a device we're experimenting with.
We've bypassed the Cisco by using a 4G wireless router with this same device - and it works flawlessly.Here is a [scrubbed] copy of our config. It is what I inherited from the previous admin - I'm not sure of all its finer points (I'm not Cisco certified -- perhaps I'm just certifiable.)
: Saved
:
ASA Version 7.2(3)
!
hostname [redacted]
[code].....
View 5 Replies
View Related
May 24, 2012
One of our hospitals keeps reporting that their internet is going out for a while than comes back up, sometimes they even have to reset the ISP modem for this it to work again. I upgraded and switched ISP to Time Warner Cable and figured it would essentially solve the issue, but there are still reports of internet outage and our new ISP has confirmed multiple times that their end is still up. Our ASA 5505 was configured by a previous employee, but when looking at the running config I noticed that the Interface for our ISP is NOT set to Duplex Full and Speed 100.
interface Ethernet0/5
switchport access vlan 2
View 3 Replies
View Related
Feb 12, 2013
Trying to add inside routes on an ASA 5505 to point traffic to another gateway for other connected networks is resulting in the following error 6Sep 16200 819:13:5810601510.184.236.1265003810.170.54.1823389Deny TCP (no connection) from 10.184.236.126/50038 to 10.170.54.182/3389 flags RST on interface insideI believe the problem is due to the Asymetric tcp connection and the ASA is dropping the connection because it only see one half of the traffic.Is there a way we can stop the firewall dropping the TCP connections on the inside interface? i've tried removing the threat managment which didnt work.Annoying thing is were putting the ASA 5505's in to replace old Watchguard soho firewalls only the watchguards forwarded the traffic no problem at all.
View 1 Replies
View Related
Sep 6, 2011
I came across a situation where a client had an old PIX 525 running PIX 6.2. There was a Windows 2008 R2 server running Exchange 2010 that was having trouble delivering email to a handful of email servers. We then found out that we could telnet to these servers on port 25 but got no return traffic. We then went back the old email server that was running Windows 2003 Server and could telnet to port 25 on these email servers and got a response, saw the banner and could issue commands. The first thought was reverse DNS which we thoroughly checked and it was not. I turned off the smtp fixup protocol and that didn't fix it either. From workstations on the network running XP or Windows 7 or Linux you could telnet to these servers and you would get a response but just not with 2008 server. I spent hours on the phone with Cisco support and it was determined that the packets were returning and we could capture the packets on the outside interface but they were then dropped by the firewall. Using the 6.2 version of PIX we could not determine why the packets were being dropped. I suggested upgrading to the next major version to be able to troubleshoot the issue further. We then upgraded the PIX to version 7.0(8). After the upgrade we were able to telnet to the problem mail servers from Windows 2008 Server and there were no issues. Is there a know issue with Windows 2008 Server and PIX 6.2?
View 1 Replies
View Related
May 23, 2011
I am attempting to FTP to a remote site through a IPSEC tunnel.When I am transfering large files the ASA5540 is showing syslog errors stating "connection timeout". What I think is happening is after about 1 hour the firewall is closing the connection control port for the FTP session and neither end is notified so eventually the transfer is stopped.What do I need to modify in the FW to accommodate these larger files?
View 1 Replies
View Related
Aug 21, 2011
A recently added outbound rule has left my SMTP communications broken. I have since removed the rule, and had Cisco do some damage control, but it's still dropping some of the SMTP traffic. I get a number of NDR messages each day like the one below:Your message did not reach some or all of the intended recipients. Subject: RE: Christopher, Curt Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached:
[URL]
on 8/21/2011 9:49 AM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<630.SM.Local #4.4.7>
Your message did not reach some or all of the intended recipients. Subject: RE: Christopher Curd Sent: 8/19/2011 9:38 AM The following recipient(s) could not be reached: JWillar@email.com on 8/21/2011 9:49 AM Could not deliver the message in the time limit specified. Please retry or contact your administrator. <630.SM.Local #4.4.7>
I've attached an image of my configuration (ASDM GUI). The part of the image highlighted in green are the SMTP rules. The part highlighted in yellow is another rule that I added about a month ago to block a SYN attack. This rule may be part of the problem because of the order it is in the list. Not sure, though.
I have had two Cisco techs Putty into my ASA to check things out. I think they've done all they can. I wonder at this point if it be wise to just reload the last good running-config I have prior to the Outbound rule being added.
View 13 Replies
View Related
May 24, 2012
One of our hospitals keeps reporting that their internet is going out for a while than comes back up, sometimes they even have to reset the ISP modem for this it to work again. I upgraded and switched ISP to Time Warner Cable and figured it would esentially solve the issue, but there are still reports of internet outage and our new ISP has confirmed multiple times that their end is still up. Our ASA 5505 was configured by a previous employee, but when looking at the running config I noticed that the Interface for our ISP is NOT set to Duplex Full and Speed 100.
interface Ethernet0/5
switchport access vlan 2
View 1 Replies
View Related
Nov 29, 2012
I have a Vista 32bit desktop computer which keeps dropping internet connection. It is ok for a day, maybe two, but then all connection has gone.
View 1 Replies
View Related
Dec 11, 2011
So my sister moved the router to a room which we did not realize had a broken phone jack. we moved it back to the place it has always been. However,the desktop in my room has been dropping connection while the other laptops are working fine.The first problem was being unable to load any pages at all.If I left it there, it would stay connected.Open up firefox and try to surf, my wireless network will disconnect.I unplugged and replugged the router to see if it fixed it.I can now surf a bit but my ms is always around 300-500 ms.Seeing as how replugging the router worked,I tried again.I can connect to some pages with a ping of 10-25 ms. However, any game installed on the desktop when running will either disconnect me or cause extreme lag.This has only started to happen after the router was moved.
View 6 Replies
View Related
May 25, 2011
I currently have the default inspection engine configured in my firewall to inspect http traffic. I noticed that the ASA will drop packets when visting legitimate websites. I've tried googling for a workaround but have been unsucsselful. How can I exclude some websites or IP's from being affected by the inspection engine?
View 1 Replies
View Related
Feb 22, 2012
The firewall on my RVS4000 appears to hang when ever I use Netflix. If I disable the firewall and re-enable it it works for a while and then stops again. My IP address is in the Approved Client IP Addresses so it is excluded from the URL filtering and Web reputation rules.
View 5 Replies
View Related
Mar 17, 2011
I have 2 ASA 5510 firewalls at 2 different sites. Both running on version 8.0.4. Users are using an Instant Messaging type of application provided by a local telco here which is able to send and receive SMS using SIP (from the packet capture that I've done).
When users use the IM in site A, they are able to send and receive text messages via the IM from behind the firewall. However, when the users are in site B, users are able to send out text messages but not able to receive them.
I noticed that when I remove "inspect sip" from site-B's global policy map, users from site-B can successfully receive text messages. I have confirmed that it is the firewall that drops the packets as I have captured the inside and outside interfaces of site-B's ASA and I can see the incoming sip "request: MESSAGE" packet on the outside interface but I do not see the packet exiting the inside interface.
I have cross check both firewall configurations, and I do not see anything suspicious commands relating to sip that might cause this issue. Is there any command to troubleshoot why the sip inspection is dropping the sip packets on site-B?
View 15 Replies
View Related
Aug 1, 2012
I have noticed a few times over the last month that my PC would not load pages due to connection problems. If I hover over the Network icon, it say that I am not joined to a network but within minutes, it reconnects itself. I use http://www.scan.co.uk/products/zyxel-pla-4201-500mbps-mini-powerline-adaptor-twin-pack power adapters and they "appear" to work well with good speeds as I download and game online alot. I have noticed that today the problem is really bad. It loses its connection every 5 or 10 minutes and then reconnects itself as if nothing has happened. I tried using my iphone on the wireless and it also seemed to have dropped out on connection. I have tried resetting my router too but with no joy
View 6 Replies
View Related
Jan 12, 2012
We run windows server foundation 2008 and have about 15 workstations. I had been running the network on 10 workstations prior to moving the server to our new location about a month ago. All was working well. We had run with the 15 workstations no problem in our new facility for several weeks. many of the computers are dropping the network connection now intermittently, with no predictable pattern. I can't seem to reproduce the conditions that cause the drops.
View 1 Replies
View Related
Mar 17, 2012
I'm looking to improve my connectivity,as the internet drops out a few times a day.Let me explain - I hope I'm correct in my assumptions.Every few hours, my PS3 will have a DNS error, and upon checking my iPhone, I notice that it's switched from wifi over to 3G and there seems to be a loss of connection. I cannot reconnect to the internet until I've restarted my router, or 'forgotten' and rejoined the network.
Additionally, we have an Apple TV, and connection drops out about 3 or 4 times every hour, which is very frustrating when trying to watch a movie.
[code]...
View 14 Replies
View Related
Apr 30, 2013
My internet connection has been dropping intermittently over the past week or so.This all seems to have started when my brother called Verizon because his laptop would not connect. He restored his laptop and he was having issues connecting. They changed something to allow him to connect.
The model of the modem/router is GT78WNV
View 2 Replies
View Related
Jan 15, 2011
I have two different friends that are having problems with their printers which are connected to their home network. One has an Lexmark printer wired to their router and running Windows Vista on a laptop. The other has an HP printer connected to the network wirelessly and the laptop is running Windows 7.
In both cases, they are setup to use DHCP. When first setup and the printer software was installed, everything worked fine. Now they each get a message showing 'offline' when they try to print. I went to each of their houses, downloaded and installed the latest printer software and they were printing again. After a short time, the same problem surfaces.
View 9 Replies
View Related
Nov 18, 2012
Connection goes out from time to time. Especially when downloading and uploading. Ive posted here before and the problem fixed it self for a few days and now its back again. Drivers are up to date. Router firmware is up to date
View 13 Replies
View Related
Jan 15, 2012
We are having an issue on our domain where both internet and network connection drops at random, this lasts from about 30 secs up to a minute.The Domain server is running Server 2003 and we have afew XP and a few windows 7 machines.All of this is behind a SonicWall TZ-200 firewall.[code]
View 2 Replies
View Related
