Hi All,

This is the scenario:

Tomcat ---- (in) ASA (out) ---- Internet

                         |

                         |

                   (ecomerce)

                    Apache

Intermittently from the Internet, the people trying to browse the Apache web server gets an ''HTTP 502 Bad gateway'' error.

This Apache server in turns communicate to an internal Tomcat web server.

This problem is intermittent and we can recreate it, if we try enough times to access the webpage.

According to the error, this is cause due to a poor IP communication between the Apache and the Tomcat server.

I think is just a communication problem caused by protocol mismatch or something between the servers (but I need to find out if there's something in the network causing this problem).

I have attached two captures from the ASA:

capecomerce --> is bidirectional IP communication between the Apache and Tomcat servers in the ecomerce interface

capinside --> is bidirectional IP communication between the Apache and the Tomcat servers in the inside interface

I'm struggling with this problem and if somebody could give me a light it will be greatly appreciated!

Note:

The Internet request to the Apache is on TCP port 80 and the communication between the Apache and the Tomcat is on port 8080.

Everything works fine most of the time.

No HTTP inspection being done in the ASA.

Between the Tomcat and the ASA, there's just Layer 2 switches.

The Apache is directly connected on the same subnet of the ecomerce interface of the ASA.

The ASA goes out through an Internet router and a Packet Shaper device.

Thank you,

Federico.