04-19-2007 07:05 AM - edited 03-11-2019 03:01 AM
Hello, I have an issue with a newly configured ASA firewall (running v7).
From a client machine (using the ASA as the default gateway) I can download files from sites that use FTP but not from sites that use http. However, if I use Firefox (rather than Internet Explorer) I can download from FTP and HTTP without issue. General browsing works fine in all scenarios.
If I enter our proxy server details into Internet Explorer - downloading is fine also. I want to move away from this config though as the ISA proxy server is in the process of being decomissioned.
Please help
04-22-2007 02:54 AM
hello,
if you can post your config it will help solving your issue quickly.
04-23-2007 02:43 AM
04-23-2007 03:06 AM
have you tried putting the inspect on http traffic
04-23-2007 04:10 AM
Thanks for the reply. I've added the 'inspect http' command to the global policy but alas it's made no difference.
04-24-2007 12:58 AM
it seems to me that you are facing a problem with the tcp MSS, I think that your asa is dropping packets that exceed the mss advertized on the handshake phase, you can add the follwoing code to solve it:
access-list http-list permit tcp any host server_ip eq 80
class-map http
match access-list http-list
tcp-map tmap
exceed-mss allow
policy-map global_policy
class http
set connection advanced-options tmap
04-24-2007 01:28 AM
I'm afraid that makes no difference either (just hangs on the 'file download' box)
04-30-2007 12:35 AM
Any more takers? I can't turn off ISA until I have a resolution to this. Thanks.
04-30-2007 06:33 AM
More info - it actually seems to be related to certain sites rather than protocols i.e. I can download from HP and Dell websites but not Microsoft (though automatic updates is working)
05-01-2007 11:41 PM
Even more info. We use websense to filter URLs and turning off the filtering enables downloading without issue. I'll need to do a bit more digging into why this is.
05-02-2007 12:18 PM
We ran into this, too; it appears to be a bug with the Websense integration in earlier 7.x releases. Upgrading from 7.1(2) to 7.2(2) fixed it for us.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: