topic Re: Facing an Issue with one website in Network Security

Facing an Issue with one website

samirshaikh52 — Mon, 11 Mar 2019 22:14:23 GMT

Hello Experts,

I'm facing a weird problem and I was tired as i try all my best to solve the issue.

I'm facing a problem accessing 1 medical website.It works for 5 minutes and stopped working.

If I connect a laptop directly to my router and assign public ip it works and download from the website with no issue. BUt if i connect this laptop to my internal network behind asa I face issues. I can browse other websites without problemsFor more info I've inbuilt IPS with ASA.

I'm sure something internally having problem.

Please help me

Facing an Issue with one website

Julio Carvajal — Sat, 14 Jan 2012 18:55:10 GMT

Hello Samir,

So even if you do not use the IPS module on the ASA you still have the issue.

Hmm do you have any logs while the connection gets closed, next thing will be to do a capture.

Also when you connect the pc directly connected what ip address does the PC uses? Is the same as the one that it uses while he goes to the outside using the ASA or its a different one?

Regards,

Julio

Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 19:05:33 GMT

Hi Julio,

Thanks for your fast response.

I havent tried without IPS.

How can I do caputring ?

I uses different IP on a pc other than used by ASA.

Thanks.

Facing an Issue with one website

Julio Carvajal — Sat, 14 Jan 2012 19:09:54 GMT

Hello,

Ok, lets do something first,

As a test using the ASA, please make a static translation on the ASA from that pc to the other ip that is using when the ASA is not there

static (inside,outside) public_ip private_ip

And give it a shot

Julio

Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 19:18:11 GMT

Hi Julio,

I tried other public ip as nating but still the same. I cane browse other website successfully.

Samir

Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 19:29:05 GMT

Just to confirm I did lookup by visiting the website whatismyip.com.

Samir

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 19:31:27 GMT

One more thing I've noted that once I start downloading the medical files from site then the website and download stops working.

Download reached to 2-5 % and get interrupted.

Samir

Facing an Issue with one website

Julio Carvajal — Sat, 14 Jan 2012 19:38:28 GMT

Hello Samir,

Ok, can you take out that nat statement that you just added and used the old one but this time lets bypass the IPS and give it a try,

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 19:39:48 GMT

Please advise me how i can bypass IPS.

Thanks

Re: Facing an Issue with one website

Julio Carvajal — Sat, 14 Jan 2012 19:42:30 GMT

Hello Samir,

You send all the traffic to the IPS by using MPF, so can a see the show run policy-map? and show run class-map

Regards,

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 19:48:30 GMT

HI,

ASA-5520# sh running-config class-map

class-map ips_class

match access-list CSM_TF_ACL_IPS__1

class-map inspection_default

match default-inspection-traffic

ASA-5520# sh running-config policy-map

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

class ips_class

ips inline fail-open

Samir

Re: Facing an Issue with one website

Julio Carvajal — Sat, 14 Jan 2012 19:50:28 GMT

Hello,

add the following

access-list CSM_TF_ACL_IPS__1 line 1 deny tcp host x.x.x.x ( private ip address test PC) any eq 80

access-list CSM_TF_ACL_IPS__1 line 2 deny tcp host x.x.x.x ( private ip address test PC) any eq 443

Regards,

Julio

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 19:51:56 GMT

hi,

please can you tell me what this command will do ?

Thanks

Re: Facing an Issue with one website

Julio Carvajal — Sat, 14 Jan 2012 19:56:34 GMT

Hello,

Sure ! The connections being innitiated from that host going to port 80 or 443 will not be inspected by the IPS!

That is all

Rate post that help!

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 20:07:49 GMT

Until now the download has reached to 30 % there seemd to be progress. So what could be the issue Is there any alternative solution instead of bypassing IPS.

Thanks.

Samir

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 20:12:01 GMT

As this website will used by many users in my organization and I cannot let http and https bypassing IPS. Your further help will be highly appreciated.

Thank you very much.

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 20:18:45 GMT

Hi,

The download was successfull completed. Please help me further to solve this problem permanently from the IPS.

I really appreciated your help.

Samir.

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 20:31:30 GMT

Any suggestions.

Samir

Re: Facing an Issue with one website

Julio Carvajal — Sat, 14 Jan 2012 21:34:48 GMT

Hello Samir,

There got to be something with that particular website that is making a signature on the IPS to reset or drop the connection, in this case we will need to make captures and troubleshoot the IPS module to see what is going on.

The workaround on this would be to instead of this:

access-list CSM_TF_ACL_IPS__1 line 1 deny tcp host x.x.x.x ( private ip address test PC) any eq 80

access-list CSM_TF_ACL_IPS__1 line 2 deny tcp host x.x.x.x ( private ip address test PC) any eq 443

Use this:

access-list CSM_TF_ACL_IPS__1 line 1 deny tcp any host website_ip eq 80

access-list CSM_TF_ACL_IPS__1 line 2 deny tcp any host website_ip eq 443

With this, the only tcp port 80 and 443 that will be bypassed will be the one going to that particular website.

You can do a nslookup to get the ip address of the remote site.

Hope I helped you on this

Julio

Rate posts that helps you

Re: Facing an Issue with one website

samirshaikh52 — Sat, 14 Jan 2012 21:40:08 GMT

Hi Julio,

Firstly thank you very much for your help I really appreciate.

access-list CSM_TF_ACL_IPS__1 line 1 deny tcp any host website_ip eq 80

access-list CSM_TF_ACL_IPS__1 line 2 deny tcp any host website_ip eq 443

Thanks once again. Have a nice time.