Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6119
Views
0
Helpful
18
Replies

503 Service Unavailable through CSC-SSM

robert.mehrer
Level 1
Level 1

‎09-10-2010 11:40 AM - edited ‎03-11-2019 11:38 AM

Im stumped! we have one website that we use ALL the time. Sometimes it works sometimes it doesnt.

www.cutr.usf.edu its a good URL it works on any other device not behind the ASA.

When we navigate to it, it displays 503 service unavailable  Unable to connect to 131.247.19.33.

i can see it building and tearing down the connection. TCP FINs looks normal but this is what we get. It may work fine for a while then not. last time i started putting www in front of the url and now nothing works.  Any ideas?

error.PNG

6Sep 10 201014:34:27302014131.247.19.3380192.168.1.365129Teardown TCP connection 11045881 for WAN:131.247.19.33/80 to LAN:192.168.1.36/5129 duration 0:00:00 bytes 277 TCP FINs

6Sep 10 201014:34:27302013131.247.19.3380192.168.1.365129Built outbound TCP connection 11045881 for WAN:131.247.19.33/80 (131.247.19.33/80) to LAN:192.168.1.36/5129 (74.203.134.30/4520)

6Sep 10 201014:34:27305011192.168.1.36512974.203.134.304520Built dynamic TCP translation from LAN:192.168.1.36/5129 to WAN:74.203.134.30/4520

6Sep 10 201014:34:24302014131.247.19.3380192.168.1.365127Teardown TCP connection 11045875 for WAN:131.247.19.33/80 to LAN:192.168.1.36/5127 duration 0:00:00 bytes 277 TCP FINs

6Sep 10 201014:34:24302013131.247.19.3380192.168.1.365127Built outbound TCP connection 11045875 for WAN:131.247.19.33/80 (131.247.19.33/80) to LAN:192.168.1.36/5127 (74.203.134.30/51059)

6Sep 10 201014:34:24305011192.168.1.36512774.203.134.3051059Built dynamic TCP translation from LAN:192.168.1.36/5127 to WAN:74.203.134.30/51059

Trend Micro InterScan for Cisco CSC SSM 6.3.1172.3

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 53 days 2 hours
Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   :  CN1000-MC-BOOT-2.00
                             SSL/IKE microcode:  CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  :  CNlite-MC-IPSECm-MAIN-2.04

Labels:
0 Helpful
18 Replies 18

dhammink47
Level 1
Level 1
In response to robert.mehrer

‎01-05-2011 05:50 AM

Hi Robert,

I can't reach  www.cutr.usf.edu  either from the ASA (even with CSS switched off ...)

thanks for the URL

0 Helpful

dhammink47
Level 1
Level 1
In response to dhammink47

‎01-05-2011 06:19 AM

Hi Robert,

this website seems to have a problem with it's DNS. I just did a wget on a  linux box:

wget  http://www.cutr.usf.edu/
Resolving www.cutr.usf.edu... 131.247.19.8, 131.247.19.9, 131.247.19.33, ...
Connecting to www.cutr.usf.edu|131.247.19.8|:80... failed: Connection refused.
Connecting to www.cutr.usf.edu|131.247.19.9|:80... failed: Connection refused.
Connecting to www.cutr.usf.edu|131.247.19.33|:80... failed: Connection refused.
Connecting to www.cutr.usf.edu|70.85.180.226|:80... connected.
HTTP request sent, awaiting response... 200 OK

After 4 times it connects. Should not produce a 503 error with ASA CSS however

0 Helpful

robert.mehrer
Level 1
Level 1
In response to dhammink47

‎01-05-2011 07:42 AM

Ive done the same from behind the ASA and this is what i get. When i try to browse the IP that states connected i get the 503 error just like i do on all of the IP address's. Is there a security setting or something in the ASA that does this? Im at a loss as to why i would get this. I tested from home and it resolves correctly.

0 Helpful

dhammink47
Level 1
Level 1

‎02-22-2013 06:33 AM

I have since long updated to 6.3.1172.4 but still the occaisonnaly Error 503. (Mostly on MAC

Hardly any traffic on the network

CPU CSC SSM module 3%

So no real load. Can anyone explain me how to turn it off entirely ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card