We have a new ASA 5510 appliance that we are using in a fairly simple environment. We have an internal server that is hosting a variety of interface applications that work with our resort's lodging software. There are several interfaces that are operating correctly and connecting to external (Internet) services such as Expedia. Our credit card processor interface, however, is having problems.
The vendor originally told us that all we need to do is create an access rule that opens up port 443 for incoming traffic from their web server: XXX.XXX.190.218. We did this, yet their test application keeps failing. For the sake of argument, they had me temporarily bypass the firewall and the service worked. The issue was elevated to their senior engineer, and he said that the culprit is most likely SPI (Stateful Packet Inspection), which their service is incompatible with. He instructed me to disable it for that access rule.
I see that there is some level of packet inspection under the Service Policy Rules screen, but it appears that port 443 is not being inspected by default, and frankly, I don't even think it is possible to inspect port https. Can anyone tell me how I can make sure that SPI is turned off for that application? Is SPI the culprit, or are there some troubleshooting steps I can take to identify the root cause? I'd be happy to answer any clarification questions that you may have.
Thanks in advance for any replies!
By any chance do you have a websense server or some kind of filter/IDS on the inside? I have seen that kind of traffic pattern when there is a websense server that is monitoring traffic in a promiscuous mode. Those kind of filters will simply spoof a reset if they see https traffic they do not like. - magnus
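An added example to go with magnus's suggestion, not code from the original thread: a small Python check that walks TCP segments and flags a reset whose IP TTL does not match the TTL the same peer used earlier in that flow, which is the usual fingerprint of a RST injected by an inline filter or IDS rather than sent by the real endpoint. The segments, addresses (203.0.113.218 stands in for the processor's server), ports and TTLs are constructed for illustration; a real run would feed it fields decoded from a capture taken on the inside interface.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    """One TCP segment as decoded from a capture (constructed sample fields)."""
    src: str
    dst: str
    sport: int
    dport: int
    ttl: int
    flags: str   # TCP flag letters, e.g. "S", "SA", "A", "PA", "R"
    seq: int

def find_suspect_resets(segments):
    """Return (rst_segment, expected_ttl) pairs for RSTs whose IP TTL differs
    from the TTL this sender used earlier in the same flow.  A device between
    the two hosts that forges a reset sits at a different hop distance than
    the real peer, so its TTL normally does not match the rest of the flow.
    A RST for a flow with no prior segment from that sender is also reported
    (expected_ttl is None) because it cannot be vouched for either."""
    seen_ttl = {}   # (src, dst, sport, dport) -> first TTL seen from src
    suspects = []
    for seg in segments:
        key = (seg.src, seg.dst, seg.sport, seg.dport)
        if "R" in seg.flags:
            expected = seen_ttl.get(key)
            if expected is None or seg.ttl != expected:
                suspects.append((seg, expected))
            continue
        seen_ttl.setdefault(key, seg.ttl)
    return suspects

# Constructed flow: inside server 10.0.0.5 opens an HTTPS session to the
# processor, the handshake completes, the ClientHello goes out, and then a
# "reset from the processor" arrives with a TTL the processor never used.
SAMPLE = [
    Segment("10.0.0.5", "203.0.113.218", 51000, 443, 64, "S", 1000),
    Segment("203.0.113.218", "10.0.0.5", 443, 51000, 52, "SA", 5000),
    Segment("10.0.0.5", "203.0.113.218", 51000, 443, 64, "A", 1001),
    Segment("10.0.0.5", "203.0.113.218", 51000, 443, 64, "PA", 1001),  # TLS ClientHello
    Segment("203.0.113.218", "10.0.0.5", 443, 51000, 255, "R", 5001),  # forged reset
]

if __name__ == "__main__":
    for rst, expected in find_suspect_resets(SAMPLE):
        print(f"suspect RST from {rst.src}:{rst.sport} ttl={rst.ttl}, "
              f"flow previously showed ttl={expected}")
```

Compare the flagged reset's TTL with what the processor's SYN-ACK showed; if they differ, the RST is coming from something inside your path rather than from their server, and the access rule on the ASA is not the thing to change.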