
aight

join:2001-12-18
Lafox, IL

Any Cisco ASA Guru here

I noticed last week that our ASA5510 was flapping (switching between the primary and secondary circuits). The only time I have ever seen this was due to a loose patch cable, interface going bad, power going bad, etc. (usually layer 1 related issues). I opened up a TAC case w/ Cisco and their CCIE security god said that a public DNS (4.2.2.3) was reported to Cisco to be having issues earlier in the week.

He suggested that I change the DNS I was using on our firewall from 4.2.2.3 to --> 8.8.8.8. I'm like WTF??? Are you serious???

To my surprise, his suggestion worked!!!! Now, I'm more confused than ever ... I'm a freegin CCNP and I have never seen or heard of anything like this in all my Networking experience or studies.

Anyone ever seen this before? I googled his solution and found nada.
--
You can say any foolish thing to a dog, and the dog will give you a look that says, 'My God, you're right! I never would've thought of that!'



Paulg
Displaced Yooper
Premium
join:2004-03-15
Neenah, WI
kudos:1

Are you sure you changed the DNS server? It sounds more like you changed the object being tracked by the SLA.

Mind sharing the exact changes made?


cmslick3

join:2004-05-24
Joliet, IL
reply to aight

Does the ASA use the DNS server to verify if the connection is up? Sounds like that's what is happening.

I'm no expert, but on all of our systems we use 8.8.8.8 as primary DNS, and 4.2.2.4 as secondary. We do not have any kind of failover setup.



Paulg
Displaced Yooper
Premium
join:2004-03-15
Neenah, WI
kudos:1

Failover is accomplished on an ASA through the use of SLA responders, not DNS. However, 4.2.2.2, 8.8.8.8 and the like are used as targets for these responders.
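
The SLA-tracked failover described in this thread, as an added configuration sketch that is not taken from any poster's firewall: the primary default route stays installed only while the monitored address answers ICMP echo, so an unreliable probe target makes the ASA swap circuits even when the link itself is healthy. The interface names (outside, backup), the gateway addresses (documentation ranges) and the timer values are assumptions.

```cisco
! Added example: constructed values, not the original poster's configuration.
!
! Probe a public address through the primary circuit.
! The target here is the address the thread says was having issues.
sla monitor 1
 type echo protocol ipIcmpEcho 4.2.2.3 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
!
! Track object 1 is "up" only while SLA operation 1 reports the target reachable.
track 1 rtr 1 reachability
!
! Primary default route is tied to track 1; it is withdrawn when the probe fails.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
!
! Floating default route on the secondary circuit (higher metric) takes over
! whenever the tracked route is withdrawn.
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! With a target that answers only intermittently, track 1 toggles up and down
! and the default route moves between "outside" and "backup" each time.
! Pointing the probe at a different address changes only this line:
!  type echo protocol ipIcmpEcho 8.8.8.8 interface outside
!
! Checks that show whether the probe, not the link, is driving the failover:
!  show sla monitor operational-state
!  show track
!  show route
```

Because the probe target is a third-party host outside the operator's control, its reachability is part of the firewall's availability; checking the track state against interface status separates a probe-target outage from a real layer 1 fault.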