Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
2
Replies

ASA breaks ASP application on IIS

tato386
Level 6
Level 6

‎11-05-2009 05:58 PM - edited ‎03-11-2019 09:37 AM

We have a Windows 2003 server running IIS and a custom built ASP.net application on it. Before we switched to an ASA5520 we had a Watchguard Firebox appliance in front of it and all was good. After the switch to the ASA we started getting reports of the application not working correctly. We got the programers to look at it and the said that it seemed to be some problem with the application session state info communication with client machines. Since the application code had not changed I looked at the firewall switch. Sure enough when we run the application from inside the firewall it works as it should. Clients coming in from the outside and thru the ASA have problems. What type of configuration setting should I be lookking for on the ASA to fix this?

Thanks,

Diego

Labels:
0 Helpful
2 Replies 2

Panos Kampanakis
Cisco Employee
Cisco Employee

‎11-06-2009 10:45 AM

It all depends on the application. If it is that the app keeps a conn open more than 1h idle then the ASA will time it out and close it. You can change the connection timeouts for that conn by using class map and a policy map to do "set connection timeout". Here is an example

access-list app-acl ext perm tcp host host

class-map app_traffic

match access-list app-acl

policy-map global-policy

class app_traffic

set connection timeout tcp 3:0:0 (timeout of 3 hours)

I hope it helps.

PK

0 Helpful

tato386
Level 6
Level 6
In response to Panos Kampanakis

‎11-06-2009 12:52 PM

I don't think its a connection timeout because the problem shows when users are filling out forms and clicking "submit" or "ok" buttons. They are never sitting idel for more than a couple of seconds actually.

The developers think that somehow the ASA is creating multiple connections and/or sessions for the clients so that when they click submit or ok the application responds to the incorrect session. Does that makes sense?

Rgds,

Diego

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card