Boy does lightening do weird things. Had a bad storm come in last Sunday. When it was all over, the ISP cable modem had link LED’s lit up on ports for which there were no devices even plugged in :-)
PoE switch was no longer providing PoE either – but still correctly making forwarding, filtering, and flooding decisions.
But what was equally strange was the Cisco ASA Firewall would not forward correctly out to the Internet. Everything looked fine. WAN interface was up/up and saw no obvious problems.
After the ISP replaced their cable modem, I turned on a packet capture and pinged the WAN interface of the ASA to verify packets were at least reaching the Firewall. Packets were reaching the Firewall but the Firewall was NOT REPLYING!!!
Below is what it would look like if the Firewall was replying to each of those ICMP echo requests…
Time to call Cisco TAC.
No comments:
Post a Comment