I have an ASA and connection to the internet. I'm currently having problems with connectivity to a server which dishes out WMP DRM licenses. I read the 'known problem' relating to the MSS but this doesn't seem to be the problem as the values stated in the SYN and SYN-ACKs via an Ethereal capture on my laptop look OK. The server responds after the HTTP GET with an HTTP 500 error. I've tried the same site/license HTTP string on my home broadband with a PIX and all works a treat. Any suggestions or next steps? Cheers
During a successful connection to the server an Ethereal capture shows that the server responded to the HTTP GET with a "(TCP previous segment lost), continuation or non HTTP traffic" which contained half of my HTTP web address string. Then a duplicate ACK is sent from the client, then the server responds with a TCP re-transmission of the 'HTTP found' command. This happens EVERY time, I guess this is the source of the problem as the ASA must not like this duplication/retransmission.
You can see if the o-o-o packets are causing your issue by looking at the 'show asp drop' command. There is a counter called Out of order packet buffer full. If this counter increments quickly, you need to increase the number of buffers. Here is an explanation on how to change the buffer size:
1) Define an access-list for interesting traffic:
access-list tcp-queue-limit extended permit tcp any any eq 80
access-list tcp-queue-limit extended permit tcp any eq 80 any
access-list tcp-queue-limit extended permit tcp any any eq 443
access-list tcp-queue-limit extended permit tcp any eq 443 any
This only defines it for port 80 and 443 traffic.
2) Define your tcp-map:
3) Define a class map:
match access-list tcp-queue-limit
4) now match everything up in your policy map that is/will be applied globally:
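The four steps above assembled into one configuration, as an added example that is not part of the original reply. The access-list is the one from step 1; the tcp-map name, class-map name and queue-limit value are assumptions chosen for illustration, and global_policy is assumed to be the globally applied policy map.

```cisco
! Added example. OOO-BUFFER, OOO-CLASS and the value 100 are assumed names
! and values; only the access-list comes from the reply above.

! 1) Interesting traffic: HTTP and HTTPS in both directions
access-list tcp-queue-limit extended permit tcp any any eq 80
access-list tcp-queue-limit extended permit tcp any eq 80 any
access-list tcp-queue-limit extended permit tcp any any eq 443
access-list tcp-queue-limit extended permit tcp any eq 443 any

! 2) tcp-map: number of out-of-order packets buffered per TCP connection
tcp-map OOO-BUFFER
 queue-limit 100

! 3) Class map selecting the traffic defined in step 1
class-map OOO-CLASS
 match access-list tcp-queue-limit

! 4) Attach the tcp-map to that class in the global policy map
policy-map global_policy
 class OOO-CLASS
  set connection advanced-options OOO-BUFFER

! Only needed if global_policy is not already applied globally
service-policy global_policy global
```

After applying it, run `clear asp drop`, reproduce the license request, and check `show asp drop` again to see whether the out-of-order buffer counter still increments.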