tcp-acked tcp-buffer-timeout inspect http

parkerclark
Level 1

I am running an ASA with 8.0(2) code and http inspection enabled globally. For just one internet site in particular, it is virtually impossible to pull up a PDF page through a browser. It hangs up about 40% of the way through the 1.1MB download. I cleared the asp drop counters and put together some captures and was able to determine that the traffic is being dropped for one or both of the following reasons:

(1) tcp-acked - TCP DUP and has been ACKed

(2) tcp-buffer-timeout - TCP Out-of-Order packet buffer timeout

Disabling http inspection globally completely resolved the problem. The asp drops ceased and the PDF page would download perfectly. The problem is, however, that http inspection needs to remain enabled globally.

My task now is to disable http inspection for connections to just one website. I have attempted to use:

class-map WEBSITECM
 match access-list WEBSITEIP
policy-map type inspect http WEBSITEPM
 parameters
 class WEBSITECM

The above config outputs:

ERROR: Specified class type is different from the policy-map type.

Can someone post a good config under the 8.0(2) code that will accomplish the goal? Is it possible to disable http inspection for just one ip address while otherwise enabling it globally? Can I turn off asp functionality for just one site in any other way?

Thank You

1 Reply

jumora
Level 7

That is a policy-map type with a none class-map type; type with type, none type with none type.

Value our effort and rate the assistance!
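
As an added example (not part of the original thread and not the replier's own config), this is one common Modular Policy Framework pattern for exempting a single site from HTTP inspection: the Layer 3/4 class-map goes in the Layer 3/4 policy-map, not in `policy-map type inspect http`. It assumes the default `global_policy` and `inspection_default` are what enable inspection globally, it redefines the poster's `WEBSITEIP` ACL with a deny entry, and 192.0.2.10 is a placeholder for the site's address.

```cisco
! Constructed example. 192.0.2.10 is a placeholder for the web site's address.
! In an ACL used by "match access-list", deny means "leave this traffic out of
! the class" and permit means "put it in the class".
access-list WEBSITEIP extended deny tcp any host 192.0.2.10 eq www
access-list WEBSITEIP extended permit tcp any any eq www
!
! Layer 3/4 class-map (no "type" keyword), so it can only be referenced from a
! Layer 3/4 policy-map. Referencing it from "policy-map type inspect http"
! is what produces the class type / policy-map type error.
class-map WEBSITECM
 match access-list WEBSITEIP
!
! Assumption: the default global_policy is the one applied globally.
policy-map global_policy
 ! Stop inspecting HTTP for all default-inspection traffic...
 class inspection_default
  no inspect http
 ! ...and inspect it again for everything except the exempted site.
 class WEBSITECM
  inspect http
```

After applying it, `show service-policy inspect http` shows which class is handling HTTP, and clearing and re-reading the `show asp drop` counters while repeating the download confirms whether the tcp-acked and tcp-buffer-timeout drops have stopped. HTTP to the exempted address is no longer inspected, so keep the deny entry as narrow as the one host.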