11-05-2009 05:58 PM - edited 03-11-2019 09:37 AM
We have a Windows 2003 server running IIS and a custom-built ASP.net application on it. Before we switched to an ASA5520 we had a Watchguard Firebox appliance in front of it and all was good. After the switch to the ASA we started getting reports of the application not working correctly. We got the programmers to look at it and they said that it seemed to be some problem with the application session state info communication with client machines. Since the application code had not changed I looked at the firewall switch. Sure enough, when we run the application from inside the firewall it works as it should. Clients coming in from the outside and through the ASA have problems. What type of configuration setting should I be looking for on the ASA to fix this?
Thanks,
Diego
11-06-2009 10:45 AM
It all depends on the application. If it is that the app keeps a conn open more than 1h idle, then the ASA will time it out and close it. You can change the connection timeouts for that conn by using a class map and a policy map to do "set connection timeout". Here is an example:
access-list app-acl ext perm tcp host
class-map app_traffic
 match access-list app-acl
policy-map global-policy
 class app_traffic
  ! timeout of 3 hours
  set connection timeout tcp 3:0:0
I hope it helps.
PK
11-06-2009 12:52 PM
I don't think it's a connection timeout because the problem shows when users are filling out forms and clicking "submit" or "ok" buttons. They are never sitting idle for more than a couple of seconds actually.
The developers think that somehow the ASA is creating multiple connections and/or sessions for the clients so that when they click submit or ok the application responds to the incorrect session. Does that make sense?
Rgds,
Diego