Options
A host of problems on remote VPN Endpoint
The ASA5510 remote Endpoint is connected to central through leased line, IPsec VPN.
One of the problems is during a capture of Wireshark, 80% of the packets generated were some sort of all 00.00.0000.0000 'Malformed packets' with FC as the protocol. That could be correlated to why users are experiencing terribly slow connection at times when they are accessing their internal resources i.e. their folders might not be pulled over successfully, basic account login takes a long time, opening a word document takes a long time.
Another problem is the output of sh arp statistics on the VPN Endpoint ASA shows
'Dropped blocks in ARP: 500000+'
I have done a debug arp on the ASA but I have not seen anything instructive as to why that is happening.
It's a complicated mess. I have been troubleshooting this for the last two week and have run out of ideas. The internet suggested a bad NIC could lead to why wireshark is showing 80% 'Malformed packets'. I did show mac address-table on each switch to do find a mac address with all zero's, but I could not find any.
It was also said that Wireshark could simply not interprate the data and that is why it shows as 'Malformed'. I have performed a capture on our core switches in our datacenters which connects through fiber to the distribution switches and I have not seen any 'Malformed packets' on there.
Cross matched show interfaces on VPN Endpoint, with central. No input errors, output errors, ect.
One of the problems is during a capture of Wireshark, 80% of the packets generated were some sort of all 00.00.0000.0000 'Malformed packets' with FC as the protocol. That could be correlated to why users are experiencing terribly slow connection at times when they are accessing their internal resources i.e. their folders might not be pulled over successfully, basic account login takes a long time, opening a word document takes a long time.
Another problem is the output of sh arp statistics on the VPN Endpoint ASA shows
'Dropped blocks in ARP: 500000+'
I have done a debug arp on the ASA but I have not seen anything instructive as to why that is happening.
It's a complicated mess. I have been troubleshooting this for the last two week and have run out of ideas. The internet suggested a bad NIC could lead to why wireshark is showing 80% 'Malformed packets'. I did show mac address-table on each switch to do find a mac address with all zero's, but I could not find any.
It was also said that Wireshark could simply not interprate the data and that is why it shows as 'Malformed'. I have performed a capture on our core switches in our datacenters which connects through fiber to the distribution switches and I have not seen any 'Malformed packets' on there.
Cross matched show interfaces on VPN Endpoint, with central. No input errors, output errors, ect.
“Our greatest glory is not in never falling, but in rising every time we fall.” Confucius