We have a Windows 2003 server running IIS and a custom built ASP.net application on it. Before we switched to an ASA5520 we had a Watchguard Firebox appliance in front of it and all was good. After the switch to the ASA we started getting reports of the application not working correctly. We got the programers to look at it and the said that it seemed to be some problem with the application session state info communication with client machines. Since the application code had not changed I looked at the firewall switch. Sure enough when we run the application from inside the firewall it works as it should. Clients coming in from the outside and thru the ASA have problems. What type of configuration setting should I be lookking for on the ASA to fix this?
It all depends on the application. If it is that the app keeps a conn open more than 1h idle then the ASA will time it out and close it. You can change the connection timeouts for that conn by using class map and a policy map to do "set connection timeout". Here is an example
access-list app-acl ext perm tcp host host
match access-list app-acl
set connection timeout tcp 3:0:0 (timeout of 3 hours)
I don't think its a connection timeout because the problem shows when users are filling out forms and clicking "submit" or "ok" buttons. They are never sitting idel for more than a couple of seconds actually.
The developers think that somehow the ASA is creating multiple connections and/or sessions for the clients so that when they click submit or ok the application responds to the incorrect session. Does that makes sense?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :