Web traffic being blocked intermittently

Unanswered Question
Oct 15th, 2009

Hi, we have a Cisco ASA 5505 FW running in our production environment and the OS version is 8.04. Since we upgraded the IOS from 7.2 to 8.04, we have been experiencing a strange issue, i.e. our production web servers are placed in the DMZ zone and by NATting they are mapped to a public IP. The http and https ports are opened for outside users to access the website and it is working fine, but sometimes users are facing an outage on the webpage for a couple of seconds, and it works again after 2 seconds. To investigate the issue, I have installed firewall log analyzer software and I am seeing that so many packets are being denied for the internal web server, which is really strange.

Can anyone explain why it's happening, or is it a bug in the 8.04 release?

Thanks

Yudong Wu Thu, 10/15/2009 - 14:32

If the issue only happens for 2 sec, it might be very hard to catch it. Can you check the following?

1. ASA cpu and memory utilization.

2. The related interface, to see if there is a drop count incrementing.

3. Check the related switch port as well, to see if there is a drop count incrementing.

ray_stone Fri, 10/16/2009 - 06:02

The ASA CPU and MEMORY utilisation is normal, but what do we need to do in order to check the second and third options that you marked?

Pls. explain the way to test it.

Thanks

Yudong Wu Fri, 10/16/2009 - 09:11

The "show interface" command on both the Cisco switch and the ASA should tell you the count. Just check to see if there is any error count incrementing.

If the problem happens for just 2 sec but very often, you can do a packet sniffer as well to see if it is caused by a packet drop.

For the packet sniffer, you can use the "capture" command on the ASA or do a SPAN capture on the switch...
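The check suggested above (watching "show interface" for incrementing error and drop counters) is easiest to do mechanically: save the output twice a few minutes apart and diff the counters. The script below is an added example for this thread, not anything posted by the participants or shipped by Cisco. The two snapshots are constructed and only approximate the layout of ASA "show interface" output; the function names (`parse_show_interface`, `incrementing_errors`) and the list of counter names treated as error counters are my own assumptions.

```python
import re
from typing import Dict

# Constructed snapshots approximating Cisco ASA "show interface" output.
# They are NOT from the device in the thread; the exact field set on a real
# ASA varies by platform and software release.
SHOW_INTERFACE_T0 = """\
Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        1000 packets input, 500000 bytes, 0 no buffer
        Received 10 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        900 packets output, 400000 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
Interface Ethernet0/1 "dmz", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        2000 packets input, 900000 bytes, 0 no buffer
        Received 20 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 5 overrun, 0 ignored, 0 abort
        1800 packets output, 800000 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
"""

# Same device a few minutes later: traffic counters moved everywhere, but only
# the dmz interface shows error counters increasing ("no buffer" and "overrun").
SHOW_INTERFACE_T1 = """\
Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        1500 packets input, 750000 bytes, 0 no buffer
        Received 15 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        1400 packets output, 600000 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
Interface Ethernet0/1 "dmz", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        3000 packets input, 1400000 bytes, 3 no buffer
        Received 30 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 12 overrun, 0 ignored, 0 abort
        2700 packets output, 1200000 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
"""

# Counter names (assumed set) that indicate lost or damaged frames rather than
# ordinary traffic volume; only these are reported when they increase.
ERROR_COUNTERS = {
    "no buffer", "runts", "giants", "input errors", "CRC", "frame", "overrun",
    "ignored", "abort", "underruns", "output errors", "collisions",
    "interface resets", "late collisions", "deferred",
    "input reset drops", "output reset drops", "L2 decode drops",
}

IFACE_RE = re.compile(r'^Interface (\S+) "([^"]*)"')
# "<number> <counter name>" terminated by a comma or the end of the line.
COUNTER_RE = re.compile(r'(\d+) ([A-Za-z][A-Za-z0-9 ]*?)(?=,|$)')


def parse_show_interface(text: str) -> Dict[str, Dict[str, int]]:
    """Return {interface nameif: {error counter name: value}} for one snapshot."""
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = IFACE_RE.match(line)
        if header:
            # Key by nameif ("outside", "dmz") when present, else the hardware name.
            current = header.group(2) or header.group(1)
            result[current] = {}
            continue
        if current is None:
            continue
        for value, name in COUNTER_RE.findall(line):
            name = name.strip()
            if name in ERROR_COUNTERS:
                result[current][name] = int(value)
    return result


def incrementing_errors(before: Dict[str, Dict[str, int]],
                        after: Dict[str, Dict[str, int]]) -> Dict[str, Dict[str, int]]:
    """Return only the error counters that grew between the two snapshots."""
    deltas: Dict[str, Dict[str, int]] = {}
    for iface, counters in after.items():
        base = before.get(iface, {})
        for name, value in counters.items():
            delta = value - base.get(name, 0)
            if delta > 0:
                deltas.setdefault(iface, {})[name] = delta
    return deltas


if __name__ == "__main__":
    t0 = parse_show_interface(SHOW_INTERFACE_T0)
    t1 = parse_show_interface(SHOW_INTERFACE_T1)
    for iface, grown in incrementing_errors(t0, t1).items():
        for name, delta in grown.items():
            print(f"{iface}: {name} +{delta}")
```

On a real device, paste the two "show interface" outputs into the two strings (or read them from files) and run it after an outage window; an interface whose "overrun" or "no buffer" counters keep climbing, with the switch-side port showing nothing, points at the ASA side of the link rather than the unmanaged switch.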

ray_stone Sat, 10/17/2009 - 04:35

Hello,

The web servers are directly connected to an unmanaged switch, and that switch is connected to the ASA inside interface. I have checked the interface status and no packets are being dropped.

One of the issues I would like to explain here is that the same site is connected with our office via an STS tunnel, and when we work on remote servers through remote desktop (TCP/3389), sometimes RDC disconnects intermittently, but after a couple of seconds the same session starts again.

Please verify what the issue could be. Thanks.

Yudong Wu Tue, 10/20/2009 - 08:26

As I mentioned earlier, I would suggest you do the capture/sniffer on both the outside and DMZ interfaces at the same time. By comparing the two packet captures, we should know if there is a drop in the ASA. Then we need to check the log, some show commands, etc. to figure out why the packet was dropped.

I would suggest you open a case with TAC to troubleshoot this further.
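Comparing the outside and DMZ captures, as suggested above, comes down to finding client packets that arrived on the outside interface but never appeared on the DMZ side. The script below is an added example for this thread, not code from the participants or from Cisco. The two capture listings are constructed and only approximate the one-line-per-packet layout of the ASA "show capture" command; the function names are my own. One design choice matters: the ASA NATs the server address and, by default, randomises TCP sequence numbers, so the flow key deliberately uses only the client IP, client port and server port, which survive the translation, and the samples contain the client-to-server direction only (a real capture would be filtered to that direction with an access-list).

```python
import re
from collections import Counter
from typing import Dict, Tuple

Flow = Tuple[str, int, int]  # (client ip, client port, server port)

# Constructed listings approximating ASA "show capture <name>" output, restricted
# to the client-to-server direction. Packet 3 (a data push) is seen on the
# outside interface but never reaches the DMZ; the client retransmits it about
# 2.5 seconds later (packet 4), which does get through. Packet 5 is a second
# client whose packets pass unaffected.
CAPTURE_OUTSIDE = """\
   1: 14:32:01.000100 203.0.113.7.51234 > 198.51.100.5.80: S 1000:1000(0) win 65535
   2: 14:32:01.000900 203.0.113.7.51234 > 198.51.100.5.80: . ack 1 win 65535
   3: 14:32:01.001200 203.0.113.7.51234 > 198.51.100.5.80: P 1:300(299) ack 1 win 65535
   4: 14:32:03.500000 203.0.113.7.51234 > 198.51.100.5.80: P 1:300(299) ack 1 win 65535
   5: 14:32:03.600000 203.0.113.9.40000 > 198.51.100.5.443: S 2000:2000(0) win 8192
"""

# Same moment on the DMZ interface: the destination is the server's private
# address after NAT, and the lost push (outside packet 3) is absent.
CAPTURE_DMZ = """\
   1: 14:32:01.000150 203.0.113.7.51234 > 10.1.1.5.80: S 1000:1000(0) win 65535
   2: 14:32:01.000950 203.0.113.7.51234 > 10.1.1.5.80: . ack 1 win 65535
   3: 14:32:03.500050 203.0.113.7.51234 > 10.1.1.5.80: P 1:300(299) ack 1 win 65535
   4: 14:32:03.600050 203.0.113.9.40000 > 10.1.1.5.443: S 2000:2000(0) win 8192
"""

# "<n>: <timestamp> <src ip>.<src port> > <dst ip>.<dst port>: ..."
PKT_RE = re.compile(
    r'^\s*\d+:\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+(\d+\.\d+\.\d+\.\d+)\.(\d+):'
)


def flows_from_capture(text: str) -> Counter:
    """Count packets per client flow, ignoring the (NAT-rewritten) server IP."""
    counts: Counter = Counter()
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if m:
            flow: Flow = (m.group(2), int(m.group(3)), int(m.group(5)))
            counts[flow] += 1
    return counts


def missing_on_inside(outside: Counter, inside: Counter) -> Dict[Flow, int]:
    """Flows with more packets on the outside capture than on the inside one.

    The value is how many client packets entered the firewall but were not
    forwarded; those are the packets to look up in the ASA log and show output.
    """
    return {
        flow: outside[flow] - inside.get(flow, 0)
        for flow in outside
        if outside[flow] > inside.get(flow, 0)
    }


if __name__ == "__main__":
    lost = missing_on_inside(flows_from_capture(CAPTURE_OUTSIDE),
                             flows_from_capture(CAPTURE_DMZ))
    for (client, cport, sport), n in lost.items():
        print(f"{client}:{cport} -> server port {sport}: {n} packet(s) not forwarded")
```

The count-based comparison is intentionally coarse: it tells you which flows lost packets inside the ASA and roughly when, which is enough to go to the syslog for that flow and timestamp, but it cannot name the dropped packet's sequence number because of the randomisation mentioned above.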
