Got a head scratcher

Nerm (Member, Madison, IN)
I have a client that has 2 locations with a VPN between them. Each location has a Cisco ASA 5505 terminating the VPN and handling local routing. They have a server at each location replicating AD, DNS, etc between them across the VPN.

This issue happens about once a day and lasts for about 30 minutes. The issue is that one of the computers at location 1 is unable to access anything outside the local network. For example, his computer responds to pings from the server, router, and other PCs. He can ping other PCs on the local network, the server, and the inside address of the router. He cannot ping anything on the outside of the router or even across the VPN. We have already tried swapping cables, assigning his PC a static IP, swapping the switch, swapping his PC, a fresh config on the ASA, even swapping the ASA with a brand new one.

What makes this even stranger is that it only happens with the one computer. None of the other machines at either location have this issue.

If anyone has any possible solutions I am all ears or eyes I guess haha.
What type of user license is on the 5505s? 10 user, 50, unlimited? Possibly you hit your limit for internal hosts.


show local-host | i Current

Example Output: Current host count: 17, towards licensed host limit of: 50


Would be a good idea to look at the logs on the ASA when this happens. Is the ASA at the edge of the network or is there another router downstream or upstream?
You make a good point about the license. The client told me they were using 9 IPs plus the server, which should be 10 total, which is what their license on the ASA is for; however, I did my own inventory because I thought he may not be including network printers, cameras, etc. Lo and behold, he actually has 15 total devices on the network with IPs. May have found my issue. :)
 
Yeah the host licensing is sometimes overlooked. IMO they should just spend the 120.00 and get a 50 user license to cover themselves.


This is how Cisco classifies "internal hosts":

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.
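The two checks discussed in this thread, reading the `show local-host | i Current` summary line and applying Cisco's routed-mode rule for which hosts count toward the limit, as an added worked example. This is not code from the thread or from Cisco; the flow records are constructed, the interface names `inside`/`outside` are assumptions, and the model treats site-to-site VPN traffic as leaving via the default-route (outside) interface, which is also an assumption rather than something the thread states.

```python
import re

# Matches the summary line the ASA prints for `show local-host | i Current`,
# e.g. "Current host count: 17, towards licensed host limit of: 50".
HOST_COUNT_RE = re.compile(
    r"Current host count:\s*(\d+),\s*towards licensed host limit of:\s*(\d+)"
)


def parse_host_count(output):
    """Return (current, limit) from the show local-host summary, or None if absent."""
    m = HOST_COUNT_RE.search(output)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def license_headroom(output, warn_ratio=0.8):
    """Classify licence usage as 'ok', 'warning' (>= warn_ratio of limit) or 'exhausted'."""
    parsed = parse_host_count(output)
    if parsed is None:
        raise ValueError("no 'Current host count' line found in output")
    current, limit = parsed
    if current >= limit:
        return "exhausted"
    if current >= warn_ratio * limit:
        return "warning"
    return "ok"


def count_licensed_hosts(flows, default_route_iface, inside_ifaces):
    """Apply the routed-mode counting rule quoted above from Cisco:

    - with a default route, an inside host counts only when it sends traffic
      out the interface holding the default route (the Internet interface);
    - hosts on the Internet side and inside-to-inside traffic are not counted;
    - with no default route, every host seen on any interface is counted.

    flows: iterable of (src_ip, ingress_iface, egress_iface) tuples.
    """
    counted = set()
    for src, ingress, egress in flows:
        if default_route_iface is None:
            counted.add(src)  # no default route: everything counts
        elif ingress in inside_ifaces and egress == default_route_iface:
            counted.add(src)  # inside host reaching the Internet interface
    return len(counted)


# Constructed flow records mirroring the thread: PCs, a printer, a camera, an
# Internet host. Hosts reaching the other site over the VPN are modelled as
# egressing "outside" (assumption: IPsec traffic leaves via the default route).
SAMPLE_FLOWS = [
    ("192.168.1.10", "inside", "outside"),   # PC browsing the Internet: counted
    ("192.168.1.10", "inside", "outside"),   # same PC again: still one host
    ("192.168.1.11", "inside", "inside"),    # printer only used locally: not counted
    ("192.168.1.12", "inside", "outside"),   # camera uploading to the cloud: counted
    ("203.0.113.5", "outside", "inside"),    # Internet host: never counted
    ("192.168.1.20", "inside", "outside"),   # PC replicating to the remote site over VPN: counted
]

# Constructed CLI output for the two situations in the thread.
OUTPUT_OK = "Current host count: 17, towards licensed host limit of: 50"
OUTPUT_FULL = "Current host count: 10, towards licensed host limit of: 10"

if __name__ == "__main__":
    print(parse_host_count(OUTPUT_OK), license_headroom(OUTPUT_OK))
    print(parse_host_count(OUTPUT_FULL), license_headroom(OUTPUT_FULL))
    print("counted with default route:", count_licensed_hosts(SAMPLE_FLOWS, "outside", {"inside"}))
    print("counted with no default route:", count_licensed_hosts(SAMPLE_FLOWS, None, {"inside"}))
```

Run against real `show local-host` output the function `license_headroom` flags a box sitting at its limit, which is the symptom described here: the ASA keeps serving the hosts it already tracks and silently refuses outside-bound traffic from whichever host tries to be counted next, while inside-only traffic keeps working. The flow-counting function shows why the client's count of 9 PCs plus a server undercounted: a printer that only prints locally never consumes a licence slot, but a camera or any device that talks to the Internet or across the VPN does.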