ASA Behaviour

usman ali dar
Level 1

Hey,

We have set up all the traffic from inside to go outside for internet, and NAT the network segments that we want to provide the internet and other services to.

We have inside users that usually connect to the server on the internet via client workflows with a static port. I have added one single rule for it:

any permit inside to go outside to server on port tcp 1234

Now the issue starts like this: all the users connect in the morning and suddenly some of the users out of 10/8 are kicked out and two remain connected to the server. Anyone new or old can't log in to the server.

After some time, like 1 2 3 hour, it starts working again. I am trying to see what's wrong on my network side, if there is, or firewall, so that I can fix that...

  1. I tried to capture packets from client to server when there is no outage. I see packets are sent on port and NAT and then connected, simple.
  2. I tried to capture packets from the same client to server when there is an outage. I see the client sending packets and retransmitting with no response; after 9 seconds the server ACKs the transmission and then it is lost again. After some time the client closes the connection.
  3. I tried to trace route; it's all the same.

Kindly help or guide.

Regards

2 Replies

fsebera
Level 4

Hi usman,

Can you verify the remote site and infrastructure are operational 100% of the time?

Frank

Hello fsebera, thank you for your response. Please review the points below.

  1. All the clients are using their dedicated systems and a client that connects to the remote server on the internet.
  2. The client first connects and uses the GET method to connect to the server, and then prompts for the username and password, otherwise displays an error.
  3. Once the username and password are entered, the main application page is displayed and there are no issues.
  4. At no moment out of 10 users for example any time of operation the clients are kicked out of the application and no one can log in again, or any new user, until it starts working again after 2-3 hours.
  5. During the outage, while I am unable to connect to the server, I did a test to connect to the server via my DSL link, which is a totally separate path compared to my workspace, and it worked like anything, no issues at all.
  6. I am also having some issues of the same type in my network. The folks are complaining the same: they are connected to a SQL server and suddenly everybody is kicked out. One said he is using a very basic client which connects to an internet SQL server for studies and it was not connected.
  7. I tried to set him up from dynamic NAT to static and then NAT that user to the outside interface, but the issue was not resolved.
  8. Other than that, all the internet traffic is fine, no complaints of any issues.
  9. I tried to capture the packets and I was reviewing some very unknown error. The packet comes in to the ASA and the TCP session is built. The user is NATed and the request is sent to the server. The response comes in to the ASA and the ASA discards the packet, saying there is no session information for this connection to the OUTSIDE interface. That's very spooky to me: why would the ASA compare that dynamic NAT session to its outside interface, when it can see that the session is built over the dynamic NAT from its table and the translation is also present?

The only issues I am currently having are with applications with clients, like Java clients or SQL clients and any other clients. I can see their traffic going out, translated, session built, and even so I am missing something that is causing this issue.

Kindly help me out figuring out this situation. All your help will be highly appreciated. If required, captured traffic can also be shared.

r
