Hello, I have an issue with a newly configured ASA firewall (running v7).
From a client machine (using the ASA as the default gateway) I can download files from sites that use FTP but not from sites that use http. However, if I use Firefox (rather than Internet Explorer) I can download from FTP and HTTP without issue. General browsing works fine in all scenarios.
If I enter our proxy server details into Internet Explorer - downloading is fine also. I want to move away from this config though as the ISA proxy server is in the process of being decomissioned.
Thanks for the reply. I've added the 'inspect http' command to the global policy but alas it's made no difference.
it seems to me that you are facing a problem with the tcp MSS, I think that your asa is dropping packets that exceed the mss advertized on the handshake phase, you can add the follwoing code to solve it:
access-list http-list permit tcp any host server_ip eq 80
match access-list http-list
set connection advanced-options tmap
More info - it actually seems to be related to certain sites rather than protocols i.e. I can download from HP and Dell websites but not Microsoft (though automatic updates is working)
Even more info. We use websense to filter URLs and turning off the filtering enables downloading without issue. I'll need to do a bit more digging into why this is.
We ran into this, too; it appears to be a bug with the Websense integration in earlier 7.x releases. Upgrading from 7.1(2) to 7.2(2) fixed it for us.