Hey Guys new here and need some help with ASA5505

Status
Not open for further replies.

CRS1

MIS
Nov 23, 2007
12
US
Hey guys, I have an issue. I have an ASA5505 that drops the connection to the Internet once a month. I have no issues with the internal network, but I just can't get out to the Internet. I checked the logs on the ASA and when I try to get out to the Internet I get this on the logs: "Failed to locate egress Interface for UDP from inside (hostname)". Once I reboot the ASA everything is back to normal and I can get out again. I have looked around with the error message, but can't find anything that can help me. Anyone ever seen this or have a solution for this?

Any feedback would be great!

ASA Ver 7.2(3)
ASDM Ver 5.2(3)

Thanks!
 
I didn't make note of the Log message ID, but the error was "Failed to locate egress interface for UDP from inside (hostname)". Here's my config. When I reboot the ASA everything goes back to normal.

CiscoASA# sh run
: Saved
:
ASA Version 7.2(3)
!
hostname CiscoASA
domain-name ATHENA.com
enable password X encrypted
names
name 192.168.X.X OCL
name 192.168.X.X ATHENA
name 192.168.X.X HERMES-FS01
name 10.0.0.1 VPN
!
interface Vlan1
description Connection to *****Internal_LAN*****
nameif inside
security-level 100
ip address 192.168.X.X 255.255.255.0
!
interface Vlan2
description Connection to *****INTERNET*****
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
description Connection to *****INTERNET*****
switchport access vlan 2
!
interface Ethernet0/1

!
interface Ethernet0/2
description Connection to OCL
!
interface Ethernet0/3

!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
description ***** PoE Port *****
!
interface Ethernet0/7
description ***** PoE Port *****
!

boot system disk0:/asdm-523.bin
boot system disk0:/asa723-k8.bin
boot config disk0:/startup-config
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name ATHENA.com
object-group network Zeus
network-object 192.168.X.X 255.255.255.0
network-object 192.168.X.X 255.255.255.0
network-object 192.168.X.X 255.255.255.0
network-object 192.168.X.X 255.255.255.0
network-object 192.168.X.X 255.255.255.0
network-object 192.168.X.X 255.255.255.0
access-list Zeus_splitTunnelAcl extended permit ip 192.168.X.X 255.255.255.0 any
access-list Zeus_splitTunnelAcl extended permit ip 192.168.X.X 255.255.255.0 any
access-list Zeus_splitTunnelAcl extended permit ip 192.168.X.X 255.255.255.0 any
access-list Zeus_splitTunnelAcl extended permit ip 192.168.X.X 255.255.255.0 any
access-list acl_out remark Network
access-list acl_out extended permit ip 172.X.X.0 255.255.255.0 any inactive
access-list acl_out remark VLAN10 SUBNET
access-list acl_out extended permit ip 192.168.X.X 255.255.255.0 any inactive
access-list acl_out remark VLAN20 SUBNET
access-list acl_out extended permit ip 192.168.X.X 255.255.255.0 any inactive
access-list acl_out remark VLAN30 SUBNET
access-list acl_out extended permit ip 192.168.X.X 255.255.255.0 any inactive
access-list acl_out remark VLAN40 SUBNET
access-list acl_out extended permit ip 192.168.X.X 255.255.255.0 any inactive
access-list acl_out remark VLAN130 SUBNET
access-list acl_out extended permit ip 192.168.X.X 255.255.255.0 any inactive
access-list acl_out remark Deny ICMP from the VPN Network
access-list acl_out extended deny icmp object-group VPN 255.255.255.252 log emergencies
access-list acl_out remark VLAN200 SUBNET
access-list acl_out extended permit ip 192.168.X.X 255.255.255.0 any log
access-list acl_out remark VLAN200 SUBNET
access-list acl_out extended permit tcp 192.168.X.X 255.255.255.0 any log inactive
access-list inbound_dc remark ATHENA
access-list inbound_dc extended permit tcp any any eq 9999 log critical inactive
access-list inbound_dc remark ATHENA
access-list inbound_dc extended permit udp any any eq 9999 log critical inactive
access-list inbound_dc remark Deny ICMP from Inside to Outside.
access-list inbound_dc extended deny icmp any any log
access-list inside_outbound_nat0_acl extended permit ip 192.168.200.0 255.255.255.0 VPN 255.255.255.252
access-list inside_outbound_nat0_acl extended permit ip 192.168.X.X 255.255.255.0 VPN 255.255.255.252
access-list inside_outbound_nat0_acl extended permit ip 192.168.X.X 255.255.255.0 VPN 255.255.255.252
access-list inside_outbound_nat0_acl extended permit ip 192.168.X.X 255.255.255.0 VPN 255.255.255.252
access-list inside_outbound_nat0_acl extended permit ip any VPN 255.255.255.252
access-list outside_cryptomap_dyn_20 remark New Subnet
access-list outside_cryptomap_dyn_20 extended permit ip any VPN 255.255.255.252
access-list http-list extended permit tcp any any inactive
pager lines 24
logging enable
logging timestamp
logging list SyslogsASA5505 level critical
logging console critical
logging monitor notifications
logging trap informational
logging history alerts
logging asdm informational
logging mail alerts
logging facility 23
logging device-id hostname
logging host inside ATHENA
logging permit-hostdown
logging class auth trap informational
logging class config trap informational
logging class vpn trap informational
mtu inside 1500
mtu outside 1500
ip local pool VPN 10.0.0.1-10.0.0.2 mask 255.255.255.252
ip verify reverse-path interface inside
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit host OCL inside
asdm image disk0:/asdm-523.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 9999 ATHENA 9999 netmask 255.255.255.255
static (inside,outside) udp interface 9999 ATHENA 9999 netmask 255.255.255.255
access-group acl_out in interface inside
access-group inbound_dc in interface outside
route inside 192.168.X.0 255.255.255.0 192.168.200.2 1
route inside 192.168.X.0 255.255.255.0 192.168.200.2 1
route inside 192.168.X.0 255.255.255.0 192.168.200.2 1
route inside 192.168.X.0 255.255.255.0 192.168.X.1 1
route inside 192.168.X.0 255.255.255.0 192.168.200.2 1
route inside 172.16.20.0 255.255.255.0 172.16.20.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
http server enable
http ATHENA 255.255.255.255 inside
http VPN 255.255.255.252 inside
http OCL 255.255.255.255 inside
http HERMES-FS01 255.255.255.255 inside
http VPN 255.255.255.0 inside
snmp-server host inside ATHENA community teamnet
snmp-server location X
snmp-server contact X
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server listen-port 162
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map_1 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map_1 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map_1
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp nat-traversal 20
telnet timeout 5
ssh VPN 255.255.255.252 inside
ssh OCL 255.255.255.255 inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 192.168.X.X-192.168.X.X inside
dhcpd dns X.X.X.X X.X.X.X interface inside
dhcpd domain ATHEN.com interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
!

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
tftp-server inside OCL /
group-policy Zeus internal
group-policy Zeus attributes
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Zeus_splitTunnelAcl
default-domain value Zeus
split-dns value Zeus.com
username X password X encrypted privilege 15
tunnel-group Zeus type ipsec-ra
tunnel-group Zeus general-attributes
address-pool VPN
default-group-policy ASA
tunnel-group Zeus ipsec-attributes
pre-shared-key XXXXXX
smtp-server X
prompt hostname context
compression svc
Cryptochecksum:X
: end
 