Don’t get me wrong, I love my little ASA 5505 especially with the Security plus license enabling me to have 20 VLANs. As they say a house with less than ten VLANs is like a body without a soul. However I’ve had some issues with the little fellow. As I’ve mentioned earlier there was an issue where my ISP wasn’t following the RFC for DHCP to the result that my ASA 5505 couldn’t get a DHCP lease, after talking with Cisco they quickly sent me a patch with a workaround and later published a new version of the ASA software.
Since then I’ve noticed that every once in a while my Internet connection would die. The first times it happened I thought it was just my ADSL connection acting up. However I noticed when running a “show route” from the ASA that I didn’t have a default gateway, making IP communication somewhat hard.
The strange part was that I was able to ping my default gateway, so the link was up.
I noticed that this would happen just after the Cisco ASA was trying to renew it’s dhcp lease. (“show ip address OUTSIDE dhcp lease”)
The strange part was it was so inconsistent it sometimes it could take days before it happened and some days it would happen several times during the day. I was planning on addressing the problem for quite some time but whenever it happened I was always occupied with something more important so I just did a “shutdown” and “no shutdown” on the outside interface and I would have my connection again. Another workaround is to set a static default gateway address, though this wouldn’t remove the problem the down time was much less.
With a static route the Internet connection would die for about 100 seconds instead of having to wait for the next DHCP renewal which in my case is 30 minutes.
In the end I got around to contacting Cisco to report this strange behavior.
Lessons learned; I love Cisco, since the command line is so powerful using a Cisco device lets me figure out what the problem actually is which is great compared to other firewalls you would see in a home network environment.
Another thing I love about Cisco is that they will setup and test this in their lab until they find the problem. Soon after contacting them they confirmed there was a problem. I want all vendors to do that!
The fix is now published on their site so if you’re experiencing this problem you should upgrade to 8.0(3).