09-10-2010 11:40 AM - edited 03-11-2019 11:38 AM
Im stumped! we have one website that we use ALL the time. Sometimes it works sometimes it doesnt.
www.cutr.usf.edu its a good URL it works on any other device not behind the ASA.
When we navigate to it, it displays 503 service unavailable Unable to connect to 131.247.19.33.
i can see it building and tearing down the connection. TCP FINs looks normal but this is what we get. It may work fine for a while then not. last time i started putting www in front of the url and now nothing works. Any ideas?
6 | Sep 10 2010 | 14:34:27 | 302014 | 131.247.19.33 | 80 | 192.168.1.36 | 5129 | Teardown TCP connection 11045881 for WAN:131.247.19.33/80 to LAN:192.168.1.36/5129 duration 0:00:00 bytes 277 TCP FINs |
6 | Sep 10 2010 | 14:34:27 | 302013 | 131.247.19.33 | 80 | 192.168.1.36 | 5129 | Built outbound TCP connection 11045881 for WAN:131.247.19.33/80 (131.247.19.33/80) to LAN:192.168.1.36/5129 (74.203.134.30/4520) |
6 | Sep 10 2010 | 14:34:27 | 305011 | 192.168.1.36 | 5129 | 74.203.134.30 | 4520 | Built dynamic TCP translation from LAN:192.168.1.36/5129 to WAN:74.203.134.30/4520 |
6 | Sep 10 2010 | 14:34:24 | 302014 | 131.247.19.33 | 80 | 192.168.1.36 | 5127 | Teardown TCP connection 11045875 for WAN:131.247.19.33/80 to LAN:192.168.1.36/5127 duration 0:00:00 bytes 277 TCP FINs |
6 | Sep 10 2010 | 14:34:24 | 302013 | 131.247.19.33 | 80 | 192.168.1.36 | 5127 | Built outbound TCP connection 11045875 for WAN:131.247.19.33/80 (131.247.19.33/80) to LAN:192.168.1.36/5127 (74.203.134.30/51059) |
6 | Sep 10 2010 | 14:34:24 | 305011 | 192.168.1.36 | 5127 | 74.203.134.30 | 51059 | Built dynamic TCP translation from LAN:192.168.1.36/5127 to WAN:74.203.134.30/51059 |
Trend Micro InterScan for Cisco CSC SSM 6.3.1172.3
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 53 days 2 hours
Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
01-05-2011 05:50 AM
Hi Robert,
I can't reach www.cutr.usf.edu either from the ASA (even with CSS switched off ...)
thanks for the URL
01-05-2011 06:19 AM
Hi Robert,
this website seems to have a problem with it's DNS. I just did a wget on a linux box:
wget http://www.cutr.usf.edu/
Resolving www.cutr.usf.edu... 131.247.19.8, 131.247.19.9, 131.247.19.33, ...
Connecting to www.cutr.usf.edu|131.247.19.8|:80... failed: Connection refused.
Connecting to www.cutr.usf.edu|131.247.19.9|:80... failed: Connection refused.
Connecting to www.cutr.usf.edu|131.247.19.33|:80... failed: Connection refused.
Connecting to www.cutr.usf.edu|70.85.180.226|:80... connected.
HTTP request sent, awaiting response... 200 OK
After 4 times it connects. Should not produce a 503 error with ASA CSS however
01-05-2011 07:42 AM
Ive done the same from behind the ASA and this is what i get. When i try to browse the IP that states connected i get the 503 error just like i do on all of the IP address's. Is there a security setting or something in the ASA that does this? Im at a loss as to why i would get this. I tested from home and it resolves correctly.
02-22-2013 06:33 AM
I have since long updated to 6.3.1172.4 but still the occaisonnaly Error 503. (Mostly on MAC
Hardly any traffic on the network
CPU CSC SSM module 3%
So no real load. Can anyone explain me how to turn it off entirely ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide