https://community.cisco.com/t5/network-security/cisco-asa-5505-cannot-access-some-https-websites/m-p/2686018#M193689 <P>Are you using ScanSafe or any other type of URL filtering?</P><P>The TCP Reset-O flag indicates that the ASA is receiving the TCP-reset.&nbsp; I agree with Vibhor that you should take a look at either the server or any URL filters if you are using any.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Sat, 18 Jul 2015 06:56:24 GMT Marius Gunnerud 2015-07-18T06:56:24Z https://community.cisco.com/t5/network-security/cisco-asa-5505-cannot-access-some-https-websites/m-p/2686016#M193686 <P>We're having an issue with a server behind an ASA 5505 not being able to access SOME https websites, for example, <A href="https://cloudcare.avg.com" target="_blank">https://cloudcare.avg.com</A>.</P><P>We have moved the server directly to the WAN and can access the website there so we believe this to be an ASA issue.</P><P>&nbsp;</P><P>ASDM Log when we try to open the connection on the server to <A href="https://cloudcare.avg.com" target="_blank">https://cloudcare.avg.com</A> (IP:<SPAN style="color: rgb(34, 34, 34); font-family: verdana, arial, helvetica, sans-serif; font-size: 14px; background-color: rgb(250, 250, 250);">204.193.144.91)</SPAN>&nbsp;<A href="http://pastebin.com/eZN7X6uh" target="_blank">http://pastebin.com/eZN7X6uh</A></P><P>Packet Tracer results:&nbsp;<A href="http://pastebin.com/MS7Q1XEA" target="_blank">http://pastebin.com/MS7Q1XEA</A></P><P>Show version:&nbsp;<A href="http://pastebin.com/xe6RdhGc" target="_blank">http://pastebin.com/xe6RdhGc</A></P><P>&nbsp;</P><P>Any advice or suggestions would be greatly appreciated.</P><P>&nbsp;</P> Tue, 12 Mar 2019 06:17:05 GMT https://community.cisco.com/t5/network-security/cisco-asa-5505-cannot-access-some-https-websites/m-p/2686016#M193686 ben.yarwood 2019-03-12T06:17:05Z https://community.cisco.com/t5/network-security/cisco-asa-5505-cannot-access-some-https-websites/m-p/2686017#M193688 <P>Hi,</P><P>I think the log shows the issue is on the server end that this is denying the connection from your internal hosts which you can see by all these RESET-O logs:-</P><P>6|Jul 17 2015|08:01:25|302014|204.193.144.91|443|10.200.200.2|52233|Teardown TCP connection 74078 for outside:204.193.144.91/443 to inside:10.200.200.2/52233 duration 0:00:00 bytes 266 TCP Reset-O</P><P>I think this might be something related to the SSL handshake between the server and the client.</P><P>You can apply captures on the ASA device interfaces and check the traces.</P><P>Also , as a test , what happens if you access the same servers from the clients which are dynamically natted on the ASA device ?</P><P>Also , you would recommend you to change this NAT as (any,any) is not recommended and it should have the name of the interface specifically :-</P><P>object network server<BR />&nbsp;nat (any,any) static 999.999.999.999</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P><P>&nbsp;</P> Sat, 18 Jul 2015 05:14:35 GMT https://community.cisco.com/t5/network-security/cisco-asa-5505-cannot-access-some-https-websites/m-p/2686017#M193688 Vibhor Amrodia 2015-07-18T05:14:35Z https://community.cisco.com/t5/network-security/cisco-asa-5505-cannot-access-some-https-websites/m-p/2686018#M193689 <P>Are you using ScanSafe or any other type of URL filtering?</P><P>The TCP Reset-O flag indicates that the ASA is receiving the TCP-reset.&nbsp; I agree with Vibhor that you should take a look at either the server or any URL filters if you are using any.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Sat, 18 Jul 2015 06:56:24 GMT https://community.cisco.com/t5/network-security/cisco-asa-5505-cannot-access-some-https-websites/m-p/2686018#M193689 Marius Gunnerud 2015-07-18T06:56:24Z