
DNS Resolution Failure

GClarkeEQLS
Level 1

Wondering if someone could assist. Recently (well, for a few months now) we have noticed that when connected to our corporate VPN, certain websites and web services (AWS / API calls) are failing and require a manual refresh to work. In the case of websites, users have to manually refresh for the site to load; if no action is taken, the site never loads. What we have observed is that in some instances DNS fails to resolve, and in others the TLS handshake hangs. Will try to provide some trace dumps later, but has anyone experienced this before?

ASA version - 9.12.3

Thanks


balaji.bandi
Hall of Fame

Not that we are aware of. You need to enable debug and see if you see any issue on the ASA; it also depends on the model. If you get the chance and the latest code is available, upgrade and check.

or contact TAC for investigation.

BB


The content of this message was removed 

Hi

Take a look at packet inspection on the ASA. If you do have packet inspection, remove it and test. If you don't have it, try to add it and test. Sounds like guessing, but I've seen both scenarios with problems.

Also take a look at the MTU size. MTU silently disrupts communication like this, especially TLS, which usually uses larger packets when exchanging certificates.

Last but not least, take a look at the NAT. People often change NAT pools and cause problems like this.
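
The MTU check suggested in the reply above can be run from a Linux client, once on the VPN and once off it, to compare the two paths. This is an added example, not part of the original reply and not Cisco tooling; it assumes iputils `ping` (where `-M do` sets Don't Fragment), and the function names and the `PROBE` override are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path with
# Don't Fragment set, then derive the path MTU and the matching TCP MSS.
# Assumes Linux iputils ping; helper names are hypothetical.

# Succeeds when a DF-marked echo with the given payload size gets a reply.
probe_df() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# Binary-search payload sizes in [lo, hi]; prints the largest that passes,
# or 0 when even the smallest probe fails (ICMP filtered or host down).
# PROBE may name another probe function so the search runs without a network.
find_max_payload() {
    local host="$1" lo="${2:-500}" hi="${3:-1472}"
    local probe="${PROBE:-probe_df}" mid
    "$probe" "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# Path MTU = payload + 20 (IPv4 header) + 8 (ICMP header).
# TCP MSS  = MTU - 40 (IPv4 + TCP headers, no options).
report_mtu() {
    local host="$1" payload mtu
    payload=$(find_max_payload "$host") || {
        echo "no DF echo reply from $host; ICMP may be filtered"; return 1; }
    mtu=$(( payload + 28 ))
    echo "host=$host max_payload=$payload path_mtu=$mtu tcp_mss=$(( mtu - 40 ))"
}

# Usage: sh pmtu.sh <host>   (run on the VPN, then off it, and compare)
if [ "$#" -ge 1 ]; then
    report_mtu "$1"
fi
```

A path MTU that drops well below 1500 only while on the VPN points at tunnel overhead, which is where the large certificate-carrying TLS handshake packets would stall.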

GClarkeEQLS
Level 1

@balaji.bandi @Flavio Miranda @quicker_cdets_api - thank you all for your feedback - sorry for the lack of comms here, been busy with other projects. I will take some time to review your suggestions and let you know.

Thanks.