
URL Filtering and Blocking in ASA

arun.stha
Level 1

Hi,

When I redirect the traffic to CSC SSM for URL filtering and blocking, the browsing of HTTP traffic is very slow... How can I make the browsing of HTTP site...


Hi Bro

What websites are slow when your LAN users are accessing them? It’s common knowledge that some websites, such as banks, online shopping sites, or other special-purpose servers, require extra backend processing before responding to a client request.

Not many people know this, but the CSC SSM has a non-configurable, 90-second timeout between the client request and the server response to prevent transactions from tying up resources on the CSC SSM for too long. This means that transactions that take a longer time to process will fail.

The workaround is to exclude the site from scanning.

For example, for a site on the outside network with the IP address, 202.188.5.43:

!
access-list 101 remark ### exempt http traffic inspection by CSC SSM to 202.188.5.43 ###
access-list 101 deny tcp any host 202.188.5.43 eq http
access-list 101 remark ### inspection all other traffic ###
access-list 101 permit tcp any any eq http
!
class-map my_csc_class
 match access-list 101
!
policy-map my_csc_policy
 class my_csc_class
  csc fail-open
!
service-policy my_csc_policy interface inside
!

Furthermore, you could also perform a packet capture:

access-list cap_acl permit tcp any host 202.188.5.43
access-list cap_acl permit tcp host 202.188.5.43 any
capture cap access-list cap_acl interface inside

OR

capture csc_cap interface asa_dataplane OR cplane

P/S: If you think this comment is useful, please do rate it nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
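
An added example, not part of the original reply and not Cisco code: a short Python audit that reads an ASA configuration and reports which traffic is exempted from CSC SSM scanning (the deny entries in the ACL matched by the CSC class) and which failure mode each class uses. The helper name audit_csc_policy and the sample text are constructed for illustration, modelled on the configuration in the reply.

```python
# Constructed sample input modelled on the configuration in the reply above.
SAMPLE_CONFIG = """\
access-list 101 deny tcp any host 202.188.5.43 eq http
access-list 101 permit tcp any any eq http
class-map my_csc_class
 match access-list 101
policy-map my_csc_policy
 class my_csc_class
  csc fail-open
service-policy my_csc_policy interface inside
"""


def audit_csc_policy(config):
    """Return (exemptions, fail_modes) for classes that divert traffic to the CSC SSM.

    audit_csc_policy is a hypothetical helper name, not a Cisco tool.
    """
    lines = [line.split() for line in config.splitlines() if line.strip()]
    class_acl = {}   # class-map name -> ACL it matches
    fail_modes = {}  # class name -> "fail-open" or "fail-close"
    cmap = cls = None
    for words in lines:
        if words[0] == "class-map":
            cmap = words[-1]
        elif words[:2] == ["match", "access-list"] and cmap and len(words) > 2:
            class_acl[cmap] = words[2]
        elif words[0] == "class" and len(words) == 2:
            cls = words[1]
        elif words[0] == "csc" and cls and len(words) == 2:
            fail_modes[cls] = words[1]

    exemptions = []  # (class, traffic that bypasses CSC scanning)
    for name in fail_modes:
        acl = class_acl.get(name)
        for words in lines:
            if words[:2] != ["access-list", acl]:
                continue
            rest = words[2:]
            if rest[:1] == ["extended"]:  # running-config form of the same entry
                rest = rest[1:]
            if rest[:1] == ["deny"]:      # deny = not sent to the CSC SSM
                exemptions.append((name, " ".join(rest[1:])))
    return exemptions, fail_modes


if __name__ == "__main__":
    exempt, modes = audit_csc_policy(SAMPLE_CONFIG)
    for name, traffic in exempt:
        print(f"{name}: unscanned -> {traffic}")
    for name, mode in modes.items():
        print(f"{name}: csc {mode}")
```

Every exemption listed is HTTP traffic that reaches users without URL filtering or content scanning, so the list is worth reviewing whenever a site is excluded as a workaround. A class reported as fail-open also passes its traffic unscanned while the CSC SSM is unavailable.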