Issue with Cisco ASA 5505 VPN going down overnight

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
russellhltn
Community Administrator
Posts: 29131
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sat Sep 13, 2008 5:00 pm

terrellthomas wrote:I found that Netgear equipment I had installed require Static IP address to be set on PCs to get relible connections.


Interesting. I wonder why. I'm not sure where they stand now, but thought Netgear has/had a good reputation. I wonder if there's issues about how the Cisco firewall and Netgear play together.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

User avatar
Mikerowaved
Community Moderators
Posts: 3971
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Sat Sep 13, 2008 6:03 pm

How did you manage to set a fixed IP address in the ASA router (or did you)? I assume since you've been using it already, the Church has already taken control of it locking out users (and STS's).
So we can better help you, please edit your Profile to include your general location.

User avatar
aebrown
Community Administrator
Posts: 15123
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Sat Sep 13, 2008 6:57 pm

Mikerowaved wrote:How did you manage to set a fixed IP address in the ASA router (or did you)? I assume since you've been using it already, the Church has already taken control of it locking out users (and STS's).


In our case, the ASA router already had a fixed IP address (10.0.x.y -- I don't remember x and y). The IP address was on a sticker on the router, so it was preassigned.

User avatar
Mikerowaved
Community Moderators
Posts: 3971
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Sun Sep 14, 2008 2:56 am

Alan_Brown wrote:In our case, the ASA router already had a fixed IP address (10.0.x.y -- I don't remember x and y). The IP address was on a sticker on the router, so it was preassigned.

As far as I know, that's the case with all of them, but that's not what I was referring to. In this post...

terrellthomas wrote:Have not had any problems since we set Static IPs on all equipment behind the Netgear equipment.


...I understood him to imply the ASA was behind the Netgear router (double NAT'ing) and he had somehow set a static IP address for it also. If so, this would have to be set on the WAN side of the ASA, so it would not be the one printed on the top. That's only for the LAN side. You can initially set the WAN side to a fixed IP address, but once you've made your call to GSD and they have taken control, it's locked from making further changes.
So we can better help you, please edit your Profile to include your general location.

russellhltn
Community Administrator
Posts: 29131
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sun Sep 14, 2008 1:10 pm

Mikerowaved wrote:...I understood him to imply the ASA was behind the Netgear router (double NAT'ing) and he had somehow set a static IP address for it also.


The way I understand it is the order is:

Modem -> ASA Firewall -> Netgear.

If it was the other way around, then the Netgear would be giving someone access to unfiltered Internet. I've always understood "behind" to be from the point of view of the public side, not the user side. So I would say the Netgear is "behind" or "after" the firewall.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.

jamesm76
New Member
Posts: 12
Joined: Tue Sep 09, 2008 9:50 pm
Location: Cameron Park, CA, USA

Postby jamesm76 » Tue Nov 25, 2008 3:59 pm

As an update... we just got our replacement 5505 about 2 weeks ago (it's been on back order) and I installed it yesterday. I went in today and the system was still online. So I'm guessing that we had a defective 5505 or the configuration was bad. Anyway, I wanted to report this information back here in case it could help someone with a similar issue. I will post another update if it starts acting up again.

techgy
Community Moderators
Posts: 3183
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Tue Nov 25, 2008 6:39 pm

jamesm76 wrote:As an update... we just got our replacement 5505 about 2 weeks ago (it's been on back order) and I installed it yesterday. I went in today and the system was still online. So I'm guessing that we had a defective 5505 or the configuration was bad. Anyway, I wanted to report this information back here in case it could help someone with a similar issue. I will post another update if it starts acting up again.


Thanks for the feedback. I had a very similar issue happen to me a few weeks ago during the installation of one of four ASA's. It turned out that the ASA was faulty and after replacement it worked fine.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest