ASA has problem with SSL config

RANT (Level 3)

I have an FPR1010 that connects to a C2960 and drops SSL when a user tries to launch a program. The switch shows one class-map with errors, and the user states they are getting errors: "The error SSL connect error (openssl ssl_connect: ssl_error_syscall) indicates that the TLS handshake between your client and the server failed, often due to certificate issues, protocol mismatches, or network interruptions."

The real error is:

5 Replies

Mark Elsen (Hall of Fame)

@RANT What are you trying, HTTPS or SSL?

  M.



-- Let everything happen to you
Beauty and terror
Just keep going
No feeling is final
Rainer Maria Rilke (1899)

Could you please share your sanitized configs and topology for review?

pieterh (VIP)

Two possibilities come to my mind:
1) The FPR uses SSL inspection (man in the middle of the SSL link).
2) The FPR recognizes the protocol used (more specific than only SSL) to the "render server" but is not configured to forward it.
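A quick way to tell those two cases apart from the client side is to run openssl s_client against the render server and look at what comes back. The script below is an added example, not something posted in this thread or shipped with the FPR1010: it classifies an s_client transcript as "intercepted" (the leaf certificate is issued by the firewall's decryption CA), "reset" (the handshake was cut off before any certificate arrived, which is the situation curl reports as SSL_ERROR_SYSCALL), "ok", or "untrusted". The inspection CA name, the host name render.example.com and the three sample transcripts are constructed assumptions.

```shell
#!/bin/sh
# Added example for this thread, not code from the original post.
# Classifies "openssl s_client -connect host:port" output into the
# outcomes discussed above. The CA name and sample transcripts below
# are constructed assumptions, not captures from the OP's FPR1010.

# Issuer CN the firewall would put on re-signed server certificates
# (assumed; on a real FPR it is the CA used by the SSL decryption policy).
INSPECTION_CA="FPR1010-SSL-Inspection-CA"

# tls_classify OUTPUT
#   OUTPUT is the text openssl s_client printed. Echoes one word:
#     reset        no certificate arrived; the TCP/TLS session was cut off
#     intercepted  the presented chain is signed by the inspection CA
#     ok           handshake completed and the chain verified
#     untrusted    a chain arrived but failed verification for another reason
tls_classify() {
    out="$1"
    if printf '%s\n' "$out" | grep -q 'no peer certificate available'; then
        echo reset
    elif printf '%s\n' "$out" | grep -q "CN = $INSPECTION_CA"; then
        echo intercepted
    elif printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'; then
        echo ok
    else
        echo untrusted
    fi
}

# tls_probe HOST [PORT]: live check against a real server (needs network).
tls_probe() {
    host="$1"
    port="${2:-443}"
    tls_classify "$(openssl s_client -connect "$host:$port" \
        -servername "$host" </dev/null 2>&1)"
}

# Constructed, abridged s_client transcripts for the three situations.
SAMPLE_OK='CONNECTED(00000003)
depth=1 O = Example CA, CN = Example Issuing CA
verify return:1
subject=CN = render.example.com
issuer=O = Example CA, CN = Example Issuing CA
---
Verify return code: 0 (ok)'

SAMPLE_INTERCEPTED='CONNECTED(00000003)
depth=1 CN = FPR1010-SSL-Inspection-CA
verify error:num=19:self-signed certificate in certificate chain
subject=CN = render.example.com
issuer=CN = FPR1010-SSL-Inspection-CA
---
Verify return code: 19 (self-signed certificate in certificate chain)'

SAMPLE_RESET='CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 320 bytes'

# Demo over the constructed samples.
printf 'clean server:    %s\n' "$(tls_classify "$SAMPLE_OK")"
printf 'ssl inspection:  %s\n' "$(tls_classify "$SAMPLE_INTERCEPTED")"
printf 'dropped session: %s\n' "$(tls_classify "$SAMPLE_RESET")"
```

Run `tls_probe render.example.com 443` once from a host behind the FPR and once from a host that reaches the server without crossing it. "intercepted" on the inside only points at possibility 1 (the decryption policy is re-signing the certificate, and the client does not trust that CA); "reset" with "0 bytes read" means no certificate ever came back, which is what you see when the session is being dropped rather than inspected, as in possibility 2.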

RANT (Level 3)

The cause is called Elephant Flow, and we found that the issue is on the outside interface of the FPR1010-ASA. Packets are being dropped in large amounts. From my BR I did a trace and found ICMP and UDP drops at over 39%. But let me explain more! We are also using ASAs to route EIGRP across the network. In this scenario I have two ASAs before I connect to the core switch. So basically, I have an ASA at one location that I connect via the outside interface to another ASA's inside interface, with NO redistribution on either device. Strange, I know, yet traffic flows through both to the core switch. When LARGE traffic or images traverse the connection, it causes jitter. My question is: should I put redistribution on the ASAs, or configure a NAT to allow all traffic to the core?

I don't believe redistribution or NAT would play any role here because, from what you explained, the traffic is not fully dropped: some passes and some does not. I believe it might be an issue with the firewall's resources, which can't cope with that amount of traffic.
