Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

HTTP connection loss

Ok, my knowledge is limited, that's why I'm here

We have an ASA 5510 with CSC module and have been having trouble for a few months.  Just about daily, our Internet connection would stop.  It turned out that only http connections would stop, while https connections were fine.  Ok, so the problem seems to be the CSC.  If I disable the CSC, we don't have problems.  In talking with Cisco, I was told to upgrade to the latest software for our CSC and ASA, in a specific order (can't just go to the latest in one shot).

Current software version for ASA: 7.2(1)

Current software version for CSC: 6.1.1569.0

So, I uploaded the next patch for the CSC as 6.2.1599.0 (using a pkg patch).  It uploaded fine and if I look at the latest patches, it shows that one.  However, the software version that it shows has not changed, and 2 things happened:

1) Our Internet went out.  I had to "disable" the CSC again to get it back.  By "disable" I have issued these commands to take out the ACL that matches traffic to the CSC: "class-map CSC_cm" AND no "match access-list CSC_acl"

2) The CSC went from being down and unavailable to up and available, but it is not checking any of the traffic.

And now, I can't continue to put the next patch, because I get a message saying that this patch (6.2.1599.6) needs to be uploaded onto at least 6.2.1599.0, which mine is only 6.1.1569.0!

What can I do at this point?  I thought of trying a reimage with a full version of 6.2.1599.0 (or earlier to start over), but what will that do?  Will I lose my configuration?  Like I said, I'm very much a novice when it comes to Cisco setup.

I am not getting any more response from Cisco, so I wanted to try here.



Everyone's tags (3)
Cisco Employee

Re: HTTP connection loss

I would suggest going here and go incrementally csc6.1.1569.2.pkg, then csc6.1.1587.0.pkg, then csc6.2.1599.0.pkg and then csc6.2.1599.6.pkg.

You can remove the ASA from sending http traffic through the CSC (in the ASA csc acl) while you are upgrading in order to avoid potential problems.

To re-image you can follow but you will lose your config. You can export it as explained in the link, but from such early versions as 6.1 you might have issues importing it back.

I hope it helps.


CreatePlease to create content