Hi r seth,

This was the first thing came into my mind thats why i put all the features of asa cx into monitor mode only and start asa aslo throughbasic setting via monitor only mode in policy map.

Hi,

You can try creating a deny ACL entry for a test machine and use it in the redirection policy map.  

Also check if there is any other device in your network that might be blocking your traffic.

Thanks,

R.Seth

Hi r.seth,

according to network right now, there is no deny acl working in asa and asa cx is already in monitor only mode as well as there is no other device which can be used to block or deny traffic like this.there is some issue with asa so kindly provide me the required solution here.

Hi,

I do not have ready solution as we are not sure what exactly is causing it, but you can try to find cause for the issue.

I would say you can try bypassing CX by creating an ACL entry to deny traffic from redirection for a particular host. If you still see the problem then I would say you should try capturing the traffic to see if ASA is forwarding traffic or not. These tests would help you narrow down the problem.

In case the issue gets resolved after bypassing CX then you should check CX config.

If you face any difficulty in troubleshooting you should contact TAC and discuss this issue.

Hope this answers your query!!!

Thanks,

R.Seth

This is not quite helpful but could you tell me how i can use Asdm on 192.168.0.X/24 network where management cable is configured on 192.168.1.1/24.so i want to use asdm on my desktop from 192.168.0.118/24 but its configured at 192.168.1.1/24

If you are able to reach the management IP from your workstation then you can enable ASDM access on the Management interface and then access it to manage device.

commands to enable ASDM:

>>  asdm image disk0:/<image-name>

>>  http server enable

>>  http <ip> <mask> interface name.

Ensure you have ASDM image present on the ASA. 

Thanks,

R.Seth

HI r.seth,

I am still working on that issue and its still there. I am not getting the way out to resolve the issue.

this time  am sending you the attachment for running configuration.please let me know if there is any possibility. 

Hi r.seth,

i am still waiting for ur reply .please provide me some other refrence guys who can help me with that....

Hi,

If you are seeing issue even after permitting the traffic and bypassing the CX then you should reach out to TAC and discuss the issue.

I don't see anything in the config that would block the traffic. You can check the sessions on ASA for host from where you try accessing the website. 

Also check if you have any other firewall that might be blocking the traffic.

Thanks,

R.Seth

No R.seth there is no extra firewall is working in the network.kindly provide an relevant answer which can help us.

Or please provide some other references.

Your config permits all the traffic and still you are seeing this issue. 

Do you see this issue for all the web traffic or there is one specific website which is failing to open.

If it is one particular website then you should try accessing it through a different internet connection (basically try bypassing ASA). Issue might be outside firewall.

Share your findings.

Thanks,

R.Seth

So you mean to say that i should try bypass my asa firewall ?

coz this issue is only for standard charted bank site from any url like sc.com,ibank.standardchrted.com as well as my phone for standard charted is also not working.