PIX 6.3 to ASA 7.21 migration breaks some https connections
We have a number of customers who cannot properly transmit files to use via HTTPS since we moved from the PIX 6.X to the ASA 7.X system.
The servers in question are connected to a CSS 11051. When we moved to the ASA, a small but significant number of customers using Linksys BEFSR81 and BEFSX41 routers are unable to transmit files to us via HTTPS. They can connect, and they can retrieve files from us, but when they transmit data using the call HttpEndRequest the connection times our with error 12002. I turned off NAT-Control but no luck.
This has impacted enough customers to generate concern in upper management. Does anyone have any idea why the ASA would behave differently than the PIX 6.X, and is there a way to correct it on the ASA so that these connections can be completed. We can't ask this many customers to change out the SOHO firewalls to accomodate our changing our own firewll.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...