I have an FWSM context that we use to secure our Network Management VLAN. VLAN 900 is level 100 and VLAN 200 is level 0. We use static NAT translations for all devices behind the FWSM. The outside of the FWSM, via VLAN 200, connects to the rest of our internetwork. I am able to access everything on our network just fine, including all of our intranet web servers.
Our main firewall is a PIX 515E. This PIX is the main egress point to the Internet.
My problem is that when I try to get to certain web sites from devices behind the FWSM, I have problems getting all of the content, and other times I don't get there at all. If I wait a little while I can try again and will usually get the site up. It seems to be worse on highly dynamic websites, almost like things are timing out.
Does anyone have any experience running through two firewalls and possible issues?
Hi, first I would assume that you have ruled out any physical issues, such as interface checks on both firewalls, as well as both firewalls' overall CPU performance and your outbound Internet utilization, etc.
Was this working fine and then began having the symptoms indicated, or is it an ongoing issue that has not been resolved?
I wonder if your problem may be related to DNS inspection. I have seen similar issues, but not like yours traversing two firewalls, and have found that either disabling it (no fixup protocol dns) or increasing the DNS length size has resolved the problem. Have you gone down this path, either trying to increase the default length size of 512 to, for example, 1500 on both firewalls, or disabling it with "no fixup protocol dns", to see if that makes a difference? You can always put the default entries back if it does not resolve the problem, and we may then look into other alternatives.