Help with HTTP error through ASA

Unanswered Question
Aug 10th, 2010
User Badges:
  • Green, 3000 points or more

Hi All,


This is the scenario:


Tomcat ---- (in) ASA (out) ---- Internet

                         |

                         |

                   (ecomerce)

                    Apache


Intermittently from the Internet, the people trying to browse the Apache web server gets an ''HTTP 502 Bad gateway'' error.


This Apache server in turns communicate to an internal Tomcat web server.

This problem is intermittent and we can recreate it, if we try enough times to access the webpage.


According to the error, this is cause due to a poor IP communication between the Apache and the Tomcat server.


I think is just a communication problem caused by protocol mismatch or something between the servers (but I need to find out if there's something in the network causing this problem).


I have attached two captures from the ASA:

capecomerce --> is bidirectional IP communication between the Apache and Tomcat servers in the ecomerce interface

capinside --> is bidirectional IP communication between the Apache and the Tomcat servers in the inside interface


I'm struggling with this problem and if somebody could give me a light it will be greatly appreciated!


Note:

The Internet request to the Apache is on TCP port 80 and the communication between the Apache and the Tomcat is on port 8080.

Everything works fine most of the time.

No HTTP inspection being done in the ASA.

Between the Tomcat and the ASA, there's just Layer 2 switches.

The Apache is directly connected on the same subnet of the ecomerce interface of the ASA.

The ASA goes out through an Internet router and a Packet Shaper device.


Thank you,


Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Mon, 08/23/2010 - 13:56
User Badges:
  • Green, 3000 points or more

Hi Diego thank you for looking into this!


But I'm not sure why you say this are the wrong files.


The 172.16.5.40 is the IP of the Tomcat and the 172.16.126.9 is the Apache.


Federico.

Diego Armando C... Mon, 08/23/2010 - 14:00
User Badges:
  • Bronze, 100 points or more

Are these pcap files from the ASA?


I saw something different.

Federico Coto F... Mon, 08/23/2010 - 14:05
User Badges:
  • Green, 3000 points or more

Yes.

Two files pcap from the ASA (ecomerce and inside) between both servers.


Federico.

Actions

This Discussion