Have been having some strange issues with our ASA5520 with CSC10 and managing director trying to download music from the itunes store to his ipod.
We have two ASA5520 at different locations, one with csc 10 module the other with a aip10
The unit with the ASA5520 with the aip10 module has a similar basic configuration with NAT, VPN etc nothing strange, the asa5520 csc10 again is straight forward configuration with NAT, VPN etc.
The ASA5520AIP10 has no issues with itunes downloads thru the firewall.
The asa5520csc10 has downloaded on the odd occasion, but has problems. Have tried everything from initially thinking it was a filtering option within the trend micro csc setup, but excluded the module which made no difference.
Then I noticed in the logs that there was some deny statements for the request to download for itunes, as follows;
6 Feb 03 2010 12:48:56 302013 188.8.131.52 80 192.168.250.2 2641 Built outbound TCP connection 5018 for OUTSIDE:184.108.40.206/80 (220.127.116.11/80) to INSIDE:192.168.250.2/2641 (xxx.xxx.xxx.xxx/6725)
6 Feb 03 2010 12:48:56 305011 192.168.250.2 2641 xxx.xxx.xxx.xxx 6725 Built dynamic TCP translation from INSIDE:192.168.250.2/2641 to OUTSIDE:xxx.xxx.xxx.xxx/6725
5 Feb 03 2010 12:48:56 304001 192.168.250.2 Accessed URL 18.104.22.168:/eu/r1000/047/Music/60/32/34/mzi.ywqawhpe.aac.a.m4p
6 Feb 03 2010 12:49:26 305012 192.168.250.2 2641 xxx.xxx.xxx.xxx 6725 Teardown dynamic TCP translation from INSIDE:192.168.250.2/2641 to OUTSIDE:xxx.xxx.xxx.xxx/6725 duration 0:00:30
6 Feb 03 2010 12:49:25 106015 22.214.171.124 80 xxx.xxx.xxx.xxx 6725 Deny TCP (no connection) from 126.96.36.199/80 to xxx.xxx.xxx.xxx/6725 flags ACK on interface OUTSIDE
6 Feb 03 2010 12:49:25 302014 188.8.131.52 80 192.168.250.2 2641 Teardown TCP connection 5018 for OUTSIDE:184.108.40.206/80 to INSIDE:192.168.250.2/2641 duration 0:00:29 bytes 366 TCP Reset-I
It would appear from the logs that itunes attempts to build a connection back thru the firewall, but have also seen some deny statements from lots of different IP addresses related to itunes all at the same time.
Any ideas what I am missing, just thrown me a curve when have one asa firewall working fine with no special config, and one that does not cant get my head round it.