Troubleshoot dropped TCP-443 connections on PIX

Unanswered Question
vilaxmi Wed, 01/20/2010 - 22:15
User Badges:
  • Cisco Employee,


SInce your issue is intermittent, I would suggest you to set up capturess (By far the best troubleshooting tool) for interesting traffic and then export the binary captures using ASDM and then analyse them using network analyser like Wireshark (

Here is how you can setup captures :

You can get binary captures (PROVIDED you have ASDM access enabled for inside ifc of ASA) :


Try to use packet length 1522 or above , since in  usual packet captures you can only see first 68 bytes of data i.e. packets get truncated. Here is an example :

capture capout access-list test packet-len 1522 interface outside

Also, you can check service-policy and ASP drops for further troubleshooting.



Ganesh Hariharan Thu, 01/21/2010 - 02:50
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

intermittent 443 connection issues to ASP.  I am looking for best
debugging tips for TCP which output would be directed to syslog
server.  Any suggestions??  


As per your query you need to capture packets in firewall interface as suggested by Vijaya then only you can identify the exact problem for dropping of TCP port 443 and also just check that TCP port 443 is working properly at the remote host or not.

Check out the below link for captureing the packets

If helpful do rate the valuable post.




This Discussion