Go Back   Technibble Forums > Technical Discussions > Networking

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 06-29-2012, 02:07 PM
Nerm Nerm is offline
 
Join Date: Dec 2008
Location: Madison, IN
Posts: 233
Nerm is an unknown quantity at this point
Default Got a head scratcher

I have a client that has 2 locations with a VPN between them. Each location has a Cisco ASA 5505 terminating the VPN and handling local routing. They have a server at each location replicating AD, DNS, etc between them across the VPN.

This issue happens about once a day and last for about 30 minutes. The issue is that one of the computers at location 1 is unable to access anything outside the local network. For example his computer responds to pings from the server, router, other PC's. He can ping other PC's on the local network, server, and inside address of the router. He cannot ping anything on the outside of the router or even across the VPN. We have already tried swapping cables, assigning his PC a static IP, swapping the switch, swapping his PC, fresh config on ASA, even swapped ASA with brand new one.

What makes this even stranger is that it only happens with the one computer. None of the other machines at either location have this issue.

If anyone has any possible solutions I am all ears or eyes I guess haha.
__________________

Last edited by Nerm; 06-29-2012 at 02:16 PM.
Reply With Quote
  #2  
Old 06-29-2012, 03:20 PM
teksquad teksquad is offline
 
Join Date: Jul 2011
Location: Raleigh, NC USA
Posts: 162
teksquad is on a distinguished road
Default

What type of user license is on the 5505's? 10 user, 50, unlimited? Possible you hit your limit for internal hosts.


show local-host | i Current

Example Output: Current host count: 17, towards licensed host limit of: 50


Would be a good idea to look at the logs on the ASA when this happens. Is the ASA at the edge of the network or is there another router downstream or upstream?
__________________
Andrew Bromfield
andrew@teksquad.net
http://teksquad.net


Last edited by teksquad; 06-29-2012 at 03:24 PM.
Reply With Quote
  #3  
Old 06-29-2012, 03:32 PM
Nerm Nerm is offline
 
Join Date: Dec 2008
Location: Madison, IN
Posts: 233
Nerm is an unknown quantity at this point
Default

You make a good point about the license. The client told me they were using 9 IP's plus server which should be 10 total which is what their license on the ASA is for, however I did my own inventory because I thought he may not be including network printers, cameras, etc. Low and behold he actually has 15 total devices on the network with IP's. May have found my issue.
__________________
Reply With Quote
  #4  
Old 06-29-2012, 03:36 PM
teksquad teksquad is offline
 
Join Date: Jul 2011
Location: Raleigh, NC USA
Posts: 162
teksquad is on a distinguished road
Default

Yeah the host licensing is sometimes overlooked. IMO they should just spend the 120.00 and get a 50 user license to cover themselves.


This how cisco classifies "internal hosts"

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.
__________________
Andrew Bromfield
andrew@teksquad.net
http://teksquad.net


Last edited by teksquad; 06-29-2012 at 03:41 PM.
Reply With Quote
  #5  
Old 06-29-2012, 03:39 PM
Nerm Nerm is offline
 
Join Date: Dec 2008
Location: Madison, IN
Posts: 233
Nerm is an unknown quantity at this point
Default

Yea sometimes it can be the simplest of problems.
__________________
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:18 PM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.