cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
497
Views
0
Helpful
7
Replies

Web Traffic being block intermediately

ray_stone
Level 1
Level 1

Hi, we have cisco ASA 5505 FW running in our production environmentand OS version is 8.04. Since we are upgraded the IOS from 7.2 into 8.04, we have been experiencing a strange issue i.e. our production web servers are placed at DMZ zone and by natting its mapped with pubic IP. The http and https ports are opened for outside users to access the website and its working fine but sometimes users are facing an outage on webpage for couple of seconds but it works after 2 seconds. To invesigae the issue, I have installed the firewall log analyzer software and i am looking there are so many packets are being denied for internal web server which is really strange.

Can anyone explain why its happening or is it a bug of 8.04 release.

Thanks

7 Replies 7

Yudong Wu
Level 7
Level 7

If the issue only happened for 2 sec, it might be very hard to catch it. Can you check the following?

1. ASA cpu and memory utilization.

2. related interface to see if there is drop count incrementing.

3. Check the related switch port as well to see if there is drop count incrementing.

The ASA CPU and MEMORY utilisation is normal but what do we need to do in order to check the second and third option that you are marked.

Pls. explain the way to test it.

Thanks

"show interface" command on both Cisco switch and ASA should tell you the count. Just check to see if there is any error count incrementing.

If the problem happens for just 2 sec but very often, you can do a packet sniffer as well to see if it is caused by packet drop.

For packet sniffer, you can use "capture" command on ASA or do a span capture on switch...

Hello,

The Web Servers are directly connected with unmanaged switch and that switch is connected with ASA Inside Interface. I have checked the interface status and no packets are being dropped.

One of the issue I would like to explain here i.e. that same site is connected with our office via STS Tunnel and when we do work on remote servers through remote desktop (Tcp/3389) then sometimes rdc disconnects intermediately but after couple of sec again same session gets started.

Please verify what could be an issue? Thanks.

Can anyone respond?

Thanks:)

?

As I mentioned early, I would like to suggest you to do the capture/sniffer on both outside and DMZ interface at the same time. By comparing two packet captures, we should know if there is drop in ASA. Then we need check the log, some show command, etc to figure out why the packet was dropped.

I would suggest you to open a case with TAC to troubleshoot this further.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: