Web Traffic being blocked intermittently

Oct 15th, 2009

Hi, we have a Cisco ASA 5505 FW running in our production environment and the OS version is 8.04. Since we upgraded the IOS from 7.2 to 8.04, we have been experiencing a strange issue: our production web servers are placed in the DMZ zone and, via NAT, are mapped to a public IP. The http and https ports are opened for outside users to access the website and it is working fine, but sometimes users face an outage on the webpage for a couple of seconds, and then it works again after 2 seconds. To investigate the issue, I have installed firewall log analyzer software and I am seeing that so many packets are being denied for the internal web server, which is really strange.

Can anyone explain why it's happening, or is it a bug of the 8.04 release?


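A way to make the log-analyzer observation in the question checkable, as an added example that is not from this thread: parse the ASA deny syslog messages aimed at the DMZ web server, summarise them by message ID and TCP flags, and find the seconds in which denies cluster so they can be lined up against the reported two-second outages. The sample log lines and addresses are constructed; the 106023 and 106015 message formats are Cisco's documented ones, and only those two IDs are parsed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample ASA syslog lines (not from the thread). The 106023 (ACL
# deny) and 106015 (deny TCP, no connection) formats are Cisco's documented
# ones; the addresses are placeholders for the DMZ web server and clients.
SAMPLE_LOG = """\
Oct 15 2009 14:30:01 asa %ASA-4-106023: Deny tcp src outside:198.51.100.7/51002 dst dmz:10.10.10.5/80 by access-group "outside_access_in" [0x0, 0x0]
Oct 15 2009 14:30:01 asa %ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/51002 to 10.10.10.5/80 flags ACK on interface outside
Oct 15 2009 14:30:02 asa %ASA-6-106015: Deny TCP (no connection) from 198.51.100.9/40211 to 10.10.10.5/443 flags ACK on interface outside
Oct 15 2009 14:30:02 asa %ASA-6-106015: Deny TCP (no connection) from 198.51.100.9/40212 to 10.10.10.5/443 flags ACK on interface outside
Oct 15 2009 14:30:02 asa %ASA-6-106015: Deny TCP (no connection) from 198.51.100.9/40213 to 10.10.10.5/443 flags ACK on interface outside
Oct 15 2009 14:31:40 asa %ASA-6-106015: Deny TCP (no connection) from 203.0.113.4/33001 to 10.10.10.5/80 flags RST on interface outside
Oct 15 2009 14:31:41 asa %ASA-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.7/51003 (198.51.100.7/51003) to dmz:10.10.10.5/80 (192.0.2.10/80)
"""

HEADER_RE = re.compile(r"^(\w{3} +\d+ \d{4} \d\d:\d\d:\d\d) \S+ %ASA-\d-(\d{6}): (.*)$")
ACL_RE = re.compile(r"Deny \w+ src \S+:(\S+)/\d+ dst \S+:(\S+)/(\d+)")
NOCONN_RE = re.compile(r"Deny TCP \(no connection\) from (\S+)/\d+ to (\S+)/(\d+) flags (\S+)")

def parse_denies(text):
    """Yield (ts, msg_id, src, dst, dport, flags) for each deny message."""
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        msg_id, body = m.group(2), m.group(3)
        if msg_id == "106023" and (a := ACL_RE.search(body)):
            yield ts, msg_id, a.group(1), a.group(2), int(a.group(3)), None
        elif msg_id == "106015" and (n := NOCONN_RE.search(body)):
            yield ts, msg_id, n.group(1), n.group(2), int(n.group(3)), n.group(4)

def deny_summary(text, server_ip):
    """Count denies toward server_ip by (msg_id, flags): out-of-state packets
    (106015) and ACL denies (106023) point at different root causes."""
    return Counter((mid, fl) for _, mid, _, dst, _, fl in parse_denies(text)
                   if dst == server_ip)

def deny_bursts(text, server_ip, window_s=2, threshold=3):
    """Return sorted [(window_start, count)] for window_s-second buckets in
    which denies toward server_ip reach threshold; these are the windows to
    line up against the reported two-second outages."""
    buckets = Counter()
    for ts, _, _, dst, _, _ in parse_denies(text):
        if dst == server_ip:
            buckets[ts.replace(second=ts.second - ts.second % window_s)] += 1
    return sorted((t, c) for t, c in buckets.items() if c >= threshold)
```

A burst of 106015 (no connection) denies in the same seconds as an outage points at packets arriving for a connection the ASA no longer holds in its table, whereas 106023 denies point at the access list; the simultaneous captures suggested later in the thread are the way to confirm which it is.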
Yudong Wu Thu, 10/15/2009 - 14:32

If the issue only happened for 2 sec, it might be very hard to catch it. Can you check the following?

1. ASA CPU and memory utilization.

2. The related interface, to see if the drop count is incrementing.

3. Check the related switch port as well to see if the drop count is incrementing.

ray_stone Fri, 10/16/2009 - 06:02

The ASA CPU and memory utilisation is normal, but what do we need to do in order to check the second and third options that you marked?

Please explain the way to test it.


Yudong Wu Fri, 10/16/2009 - 09:11

"show interface" command on both Cisco switch and ASA should tell you the count. Just check to see if there is any error count incrementing.

If the problem happens for just 2 sec but very often, you can run a packet sniffer as well to see if it is caused by packet drop.

For packet sniffer, you can use "capture" command on ASA or do a span capture on switch...

ray_stone Sat, 10/17/2009 - 04:35
The Web Servers are directly connected with unmanaged switch and that switch is connected with ASA Inside Interface. I have checked the interface status and no packets are being dropped.

One issue I would like to explain here is that the same site is connected with our office via an STS Tunnel, and when we work on remote servers through Remote Desktop (TCP/3389), sometimes RDC disconnects intermittently, but after a couple of seconds the same session starts again.

Please verify what the issue could be. Thanks.

Yudong Wu Tue, 10/20/2009 - 08:26

As I mentioned earlier, I would suggest doing the capture/sniffer on both the outside and DMZ interfaces at the same time. By comparing the two packet captures, we should know if there is a drop in the ASA. Then we need to check the log, some show commands, etc. to figure out why the packet was dropped.

I would suggest you open a case with TAC to troubleshoot this further.
