03-27-2023 11:26 PM
Wondering if someone could assist. Recently (well, for a few months now) we have noticed that when connected to our corporate VPN, certain websites and web services (AWS / API calls) are failing and require a manual refresh to work. In the case of websites, users have to manually refresh for the site to load; if no action is taken, the site never loads. What we have observed is that in some instances DNS fails to resolve, and in others the TLS handshake hangs. Will try to provide some trace dumps later, but has anyone experienced this before?
ASA version - 9.12.3
Thanks
03-28-2023 02:58 AM
Not that we are aware. You need to enable debug and see if you see any issue on the ASA. It also depends on the model - if you get the chance and the latest code is available, upgrade and check.
Or contact TAC for investigation.
03-28-2023 03:36 AM - last edited on 04-07-2023 12:37 PM by Tyler Langston
The content of this message was removed
03-28-2023 03:48 AM
Hi
Take a look at packet inspection on the ASA. If you do have packet inspection, remove it and test. If you don't have it, try to add it and test. Sounds like guessing, but I've seen both scenarios with problems.
Also take a look at the MTU size. MTU silently disrupts communication like this, especially TLS, which usually uses larger packets when exchanging certificates.
Last but not least, take a look at the NAT. People often change NAT pools and cause problems like this.
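The MTU suggestion in the reply above can be checked from a client while it is connected to the VPN. This is an added example, not code from any poster in the thread: it binary-searches the largest packet that crosses the tunnel with Don't Fragment set, assuming Linux iputils `ping`; the target address and the tunnel MTU value are placeholders.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload, timeout=2):
    """Send one echo request with Don't Fragment set (Linux iputils: -M do)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout), "-M", "do", "-s", str(payload), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


def find_path_mtu(host, probe=ping_df, low=548, high=1472):
    """Return the largest IPv4 packet size that passes unfragmented, or None."""
    if not probe(host, low):
        return None  # small packets fail too: unreachable or ICMP filtered, not MTU
    if probe(host, high):
        return high + IP_ICMP_OVERHEAD  # full 1500-byte packets pass
    # Invariant from here on: `low` passes, `high` fails.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(host, mid):
            low = mid
        else:
            high = mid
    return low + IP_ICMP_OVERHEAD


def verdict(path_mtu, tunnel_mtu):
    """Compare the measured path MTU with the MTU set on the VPN adapter."""
    if path_mtu is None:
        return "inconclusive"
    if path_mtu < tunnel_mtu:
        # Packets between path_mtu and tunnel_mtu (e.g. TLS certificate
        # records) are dropped in transit while small packets still pass.
        return "path smaller than tunnel MTU"
    return "mtu ok"


if __name__ == "__main__":
    target = "192.0.2.10"  # placeholder: a host reachable only through the VPN
    tunnel_mtu = 1400      # hypothetical value read from the VPN adapter
    mtu = find_path_mtu(target)
    print(target, mtu, verdict(mtu, tunnel_mtu))
```

A result below the adapter's MTU points at lowering the tunnel MTU or clamping TCP MSS; "inconclusive" means ICMP is filtered and a packet capture is needed instead.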
04-02-2023 03:18 PM
@balaji.bandi @Flavio Miranda @quicker_cdets_api - thank you all for your feedback - sorry for the lack of comms here, been busy with other projects. I will take some time to review your suggestions and let you know.
Thanks.