Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA CX - allows traffic through but web page cannot be loaded

Hello there,

I am having this strange issue with the HTTP traffic passing through the firewall. There is no any policies configured on the CX module for web or application filtering however when I reload the CX module or simply put in in "monitor-only" , the traffic is being allowed through the firewall. Also reading the CX events it looks like the traffic is passing through fine. Attaching the screenshot.

The ASA5512-X is runing 9.1.3 software and I am running the tests with the IPSec VPN client as I am not on client's site (all the traffic goes through the FW, no split-tunnel). Once on VPN and accesing a website which initially runs on HTTPS and opens fine, then there are some URLs inside this website and look like they redirect to HTTP and come back to HTTPS (strangly designed portal but needed for production), on the PC I get a security warning of the information not being encrypted. When trying to open one of those URLs and after accpeting the security warning the website looks like keeps loading and loading but nothing happens, and when I disconnect from the VPN this URL opens instaltnly.

On the Wireshark I find this starnge error: [Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)] and this is sent from my PC IP address, not the server. Attached the conversation betwwen my PC and the web server from Wireshark.

What do you think it maybe happening? I need some guidance on analysis of the packet capture and figure out what config on the FW could be blocking those HTTP requests. I desperate to fix this issues and already having few days trying to resolve it.

 

Thanks very much in advance.

Remi

  • Web Security
155
Views
0
Helpful
0
Replies
This widget could not be displayed.