I am running an ASA with 8.0(2) code and http inspection enabled globally. For just one internet site in particular, it is virtually impossible to pull up a PDF page through a browser. It hangs up about 40% of the way through the 1.1MB download. I cleared the asp drop counters and put together some captures and was able to determine that the traffic is being dropped for one or both of the following reasons:
Disabling http inspection globally completely resolved the problem. The asp drops ceased and the PDF page would download perfectly. The problem is, however, that http inspection needs to remain enabled globally.
My task now is to disable http inpection for connections to just one website. I have attempted to use:
match access-list WEBSITEIP
policy-map type inspect http WEBSITEPM
the above config outputs:
ERROR: Specified class type is different from the policy-map type.
Can someone post a good config under the 8.0(2) code that that will accomplish the goal. Is it possible to disable http inspection for just one ip address while otherwise enabling it globally? Can I turn off asp functionality for just one site in any other way?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...