Hi, we have a Cisco ASA 5505 FW running in our production environment and the OS version is 8.04. Since we upgraded the IOS from 7.2 to 8.04, we have been experiencing a strange issue: our production web servers are placed in the DMZ zone and mapped to a public IP by NAT. The HTTP and HTTPS ports are open for outside users to access the website and it is working fine, but sometimes users face an outage on the webpage for a couple of seconds, and it works again after 2 seconds. To investigate the issue, I have installed firewall log analyzer software, and I see that many packets are being denied for the internal web server, which is really strange.
Can anyone explain why it's happening, or is it a bug in the 8.04 release?
The web servers are directly connected to an unmanaged switch, and that switch is connected to the ASA inside interface. I have checked the interface status and no packets are being dropped.
One more issue I would like to explain here: the same site is connected to our office via an STS tunnel, and when we work on remote servers through Remote Desktop (TCP/3389), the RDC sometimes disconnects intermittently, but after a couple of seconds the same session starts again.
As I mentioned earlier, I would suggest that you run a capture/sniffer on both the outside and DMZ interfaces at the same time. By comparing the two packet captures, we should know whether there is a drop in the ASA. Then we need to check the log, some show commands, etc. to figure out why the packet was dropped.
I would suggest that you open a case with TAC to troubleshoot this further.
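
The two-capture comparison suggested in the reply above, as an added example that is not part of the thread: Python that lines up client-to-server packets by flow and by sequence offset from the SYN instead of absolute values, since NAT rewrites the destination address and the ASA's TCP sequence randomization can rewrite sequence numbers. The `Pkt` record layout and the sample packets are constructed; it assumes both captures were exported to these fields and contain each flow's SYN.

```python
from collections import Counter, namedtuple

# One client-to-server TCP packet as exported from a capture (assumed layout).
Pkt = namedtuple("Pkt", "ts src sport seq flags length")

def keyed(packets):
    """Count packets per (flow, seq offset from the SYN, flags, length)."""
    syn = {(p.src, p.sport): p.seq for p in packets if p.flags == "S"}
    counts = Counter()
    for p in packets:
        flow = (p.src, p.sport)
        if flow in syn:  # a flow whose SYN was not captured cannot be aligned
            rel = (p.seq - syn[flow]) % 2**32  # survives ISN rewriting and wrap
            counts[(flow, rel, p.flags, p.length)] += 1
    return counts

def missing_on_dmz(outside, dmz):
    """Packets seen on the outside interface that never reached the DMZ side."""
    gap = keyed(outside) - keyed(dmz)  # Counter subtraction keeps positives only
    return sorted((f[0], f[1], rel, fl, ln, n)
                  for (f, rel, fl, ln), n in gap.items())

# Constructed sample: documentation-range client addresses, made-up sequence numbers.
OUTSIDE = [
    Pkt(0.000, "198.51.100.7", 40001, 1000, "S", 0),
    Pkt(0.020, "198.51.100.7", 40001, 1001, "A", 0),
    Pkt(0.021, "198.51.100.7", 40001, 1001, "PA", 300),
    Pkt(0.221, "198.51.100.7", 40001, 1001, "PA", 300),  # client retransmit
    Pkt(1.000, "198.51.100.9", 40002, 5000, "S", 0),
    Pkt(2.000, "198.51.100.9", 40002, 5000, "S", 0),     # SYN retry
]
DMZ = [  # same first flow after the firewall, different absolute sequence numbers
    Pkt(0.001, "198.51.100.7", 40001, 777000, "S", 0),
    Pkt(0.021, "198.51.100.7", 40001, 777001, "A", 0),
    Pkt(0.222, "198.51.100.7", 40001, 777001, "PA", 300),
]

if __name__ == "__main__":
    for src, sport, rel, flags, length, n in missing_on_dmz(OUTSIDE, DMZ):
        print(f"{src}:{sport} seq+{rel} [{flags}] len={length} missing x{n}")
```

Each reported line is a packet the firewall received but did not forward, which is the set to look up in the deny logs by client address, port and time.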