Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Help with HTTP error through ASA

Hi All,

This is the scenario:

Tomcat ---- (in) ASA (out) ---- Internet

                         |

                         |

                   (ecomerce)

                    Apache

Intermittently from the Internet, the people trying to browse the Apache web server gets an ''HTTP 502 Bad gateway'' error.

This Apache server in turns communicate to an internal Tomcat web server.

This problem is intermittent and we can recreate it, if we try enough times to access the webpage.

According to the error, this is cause due to a poor IP communication between the Apache and the Tomcat server.

I think is just a communication problem caused by protocol mismatch or something between the servers (but I need to find out if there's something in the network causing this problem).

I have attached two captures from the ASA:

capecomerce --> is bidirectional IP communication between the Apache and Tomcat servers in the ecomerce interface

capinside --> is bidirectional IP communication between the Apache and the Tomcat servers in the inside interface

I'm struggling with this problem and if somebody could give me a light it will be greatly appreciated!

Note:

The Internet request to the Apache is on TCP port 80 and the communication between the Apache and the Tomcat is on port 8080.

Everything works fine most of the time.

No HTTP inspection being done in the ASA.

Between the Tomcat and the ASA, there's just Layer 2 switches.

The Apache is directly connected on the same subnet of the ecomerce interface of the ASA.

The ASA goes out through an Internet router and a Packet Shaper device.

Thank you,

Federico.

4 REPLIES

Re: Help with HTTP error through ASA

I think you added the wrong files. check them again.

Re: Help with HTTP error through ASA

Hi Diego thank you for looking into this!

But I'm not sure why you say this are the wrong files.

The 172.16.5.40 is the IP of the Tomcat and the 172.16.126.9 is the Apache.

Federico.

Re: Help with HTTP error through ASA

Are these pcap files from the ASA?

I saw something different.

Re: Help with HTTP error through ASA

Yes.

Two files pcap from the ASA (ecomerce and inside) between both servers.

Federico.

651
Views
0
Helpful
4
Replies
CreatePlease to create content