Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA and SSL session reset

Hi

I have an ASA between a client and server hosting an https page.

When I rowse from some subnets all is ok.  I get the page delivered.  The beginning of this capture is below.  The session continues successfully.

1: 13:47:24.578049 10.200.205.42.57648 > 10.192.0.20.443: S 812340862:812340862(0) win 8192 <mss 1260,nop,wscale 2,nop,nop,sackOK>

   2: 13:47:24.579651 10.192.0.20.443 > 10.200.205.42.57648: S 2345509625:2345509625(0) ack 812340863 win 8192 <mss 1380,nop,wscale 8>

   3: 13:47:24.581207 10.200.205.42.57648 > 10.192.0.20.443: . ack 2345509626 win 4410

   4: 13:47:24.584503 10.200.205.42.57648 > 10.192.0.20.443: P 812340863:812341069(206) ack 2345509626 win 4410

   5: 13:47:24.587555 10.192.0.20.443 > 10.200.205.42.57648: P 2345509626:2345509712(86) ack 812341069 win 260

   6: 13:47:24.587555 10.192.0.20.443 > 10.200.205.42.57648: P 2345509712:2345509718(6) ack 812341069 win 260

   7: 13:47:24.587722 10.192.0.20.443 > 10.200.205.42.57648: P 2345509718:2345509771(53) ack 812341069 win 260

However some other clients get a reset when browsing.  That capture is below

1: 21:27:31.347684 10.64.144.10.3608 > 10.192.0.20.443: S 1469452352:1469452352(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,sackOK>
   2: 21:27:31.356930 10.192.0.20.443 > 10.64.144.10.3608: S 3634167830:3634167830(0) ack 1469452353 win 8192 <mss 1380,nop,wscale 8>
   3: 21:27:31.357372 10.64.144.10.3608 > 10.192.0.20.443: . ack 3634167831 win 64000
   4: 21:27:31.357449 10.64.144.10.3608 > 10.192.0.20.443: P 1469452353:1469452527(174) ack 3634167831 win 64000
   5: 21:27:34.309905 10.64.144.10.3608 > 10.192.0.20.443: P 1469452353:1469452527(174) ack 3634167831 win 64000
   6: 21:27:34.309996 10.192.0.20.443 > 10.64.144.10.3608: R 3634167831:3634167831(0) ack 1469452527 win 64000

Probably not ASA related but has anyone seen anything like this ?  The sent window size is very different in each case but don't know if it's related to the issue.

There is a SSM module in the ASA but I have turned off inspection for troubleshooting purposes.

Any input appreciated.

Thanks, Stephen.

Everyone's tags (4)
741
Views
0
Helpful
0
Replies
CreatePlease login to create content