I am testing out some inspection options on an ASA 5505, and I am running into a situation in which applying an HTTP inspection is dropping all outbound HTTP traffic. I get a "protocol violation" error in the logs.
Here is the setup: I'm not sure why the web traffic is getting dropped. Maybe I am missing something?
The thing is that the ASA is going to do a deep packet inspection for the HTTP traffic. If you do want to know why the ASA is dropping the packets, you will need to take captures on the ASA for that particular traffic and then check the RFC and analyze the reason why the packets are getting dropped.
The configuration is fine; that is why you are getting the drops. The ASA is taking into consideration the layer 7 policy map for the HTTP protocol.
I would not use the inspect HTTP on the ASA, as this additional inspection might add some latency problems for the end users, and if I add another security layer such as the layer 7 inspection then you will need to make sure the HTTP packets are perfect, as with just one violation in the packet it will get dropped.
Julio Carvajal Segura
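
The capture-based troubleshooting suggested in the reply above could look like the following on the ASA CLI. This is an added example, not configuration from the original thread: the names `HTTP_L7_LOG`, `CAP_HTTP` and `ASP_DROP` are hypothetical, and it assumes an interface named `inside` and the default `global_policy` / `inspection_default` policy and class names. The poster's own setup is not shown on the page.

```cisco
! --- Added example; all object names below are hypothetical ---

! 1. Capture the outbound HTTP traffic as it arrives on the inside interface.
capture CAP_HTTP interface inside match tcp any any eq 80

! 2. Capture packets dropped by the accelerated security path,
!    which is where inspection drops are recorded.
capture ASP_DROP type asp-drop all

! 3. Reproduce the failure from a client, then review the results.
show capture CAP_HTTP
show capture ASP_DROP
show asp drop
show service-policy inspect http

! 4. To keep the inspection running while diagnosing, an HTTP inspection
!    policy map can log protocol violations without dropping the connection.
policy-map type inspect http HTTP_L7_LOG
 parameters
  protocol-violation action log

! Assumption: HTTP inspection is applied under the default global policy.
! If an "inspect http" line already exists there, remove it first with
! its "no" form before attaching the new map.
policy-map global_policy
 class inspection_default
  inspect http HTTP_L7_LOG

! 5. Remove the captures when finished so they stop consuming buffer memory.
no capture CAP_HTTP
no capture ASP_DROP
```

With the action set to `log`, the syslog messages identify which requests the inspection engine flags, and those can be compared against the packets in `CAP_HTTP` and the RFC before the action is changed back to dropping.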