Hi

kp-tkr2014 · ‎04-26-2016

Hi,

I am facing very unusual issue like when i am trying to access from outside to inside campus network (web server),

I can see traffic is coming to asa ( live debugging log ) . But i cannot see this traffic leaving asa and reaching next hop .

I have enabled logging informational .But it seems that there is no trace in the log also.

What if i remove http from policy map

policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns
inspect icmp
inspect http

Thank you

Aditya Ganjoo · ‎04-26-2016

Hi,

You can try removing the inspect http and then check.

Also may i know did you use asp captures to see if the ASA is dropping the packets or not ?

cap asp type asp-drop all

sh cap asp | in <IP of the server>

Regards,

Aditya

Please rate helpful posts.

kp-tkr2014 · ‎04-26-2016

Hi

Thank you for the reply .

when users browsing inside (http or https) ,they are not facing any issue. Only issue internally hosted website when they are accessing from outside it works intermittently. Sometime works sometimes does not . Some website works some website does not . This is the behavior of the problem .

if i remove http from policy-map global_policy does it impact browsing from inside to outside ?

Can i run cap asp type asp-drop all during the production hours . I mean does it impact normal operation

Thank you

asa traffic issue