I have a ASA 5505 firewall that is suddenly locking up. It started 2 weeks ago when our provider changed from a static to a dynamic IP (i.e. they tied our MAC to a static IP). Since then every day or so the network will stop working. I am not able to ping the ASA or log into it. I can power off/on and everything starts working.
If your ISP offers you a dynamic IP (i.e outside address via DHCP). I believe you need to use the command ip address dhcp on your outside interface. If you have already done that, then posting your config here can help. You can mask out any private info.
Also, when it happens, Are you able to login into the ASA by console? Or is it just telnet that it not working?
Thanks for looking at this. When it locks up I connot log into the ASA with the ASDM software interface. I cannot ping the ASA. I can login using the telnet console, however I do know now to troubleshoot through the console.
Can't see what it could be. Can you show route before and after it happens?. I'm thinking the route outside 0.0.0.0 0.0.0.0 x.x.x.x 1 might be interfering with the ip address dhcp setroute since the "setroute" keyword autmatically causes the ASA to set the default route using the default gateway given by DHCP from the ISP. Try removing the route outside 0.0.0.0 0.0.0.0 x.x.x.x 1 command.
I did as you suggested, I removed teh route outside. Then I did a show route. Here it is if you would like to see it.
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is x.x.x.193 to network 0.0.0.0
C x.x.x.192 255.255.255.192 is directly connected, outside
C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
C 192.168.0.0 255.255.255.0 is directly connected, inside
d* 0.0.0.0 0.0.0.0 [1/0] via x.x.x.193, outside
As I mentioned earlier, this problem only happens every day or so. I will wait and see if it happens again and keep you updated.