Re: ASA-transparent mode blocking router connection. help plz

erwinerwinerwin · ‎06-19-2006

Hi everybody.

I'm currently implementing cisco ASA5510 with AIP SSM10 module, the asa is configured for transparent mode and inline mode for the ips.

the problem is, after i apply the asa everything seems to go smooth for a moment, but after that i've got the asa blocking my wireless connection to branch-office.

i know it's seems had no correlation for the asa to block/slowed down the connection between two router, with 75% of ping packet rto, but after i removed the asa, the connection goes back to normal again.

i've attached the diagram with my asa configuration, can anybody help me???

or is any bug related with transparent mode asa with inline ips.

thanx.

aghaznavi · ‎06-23-2006

Different kinds of traffic can be slowed down due to AIP SSM10 module.Here is an HTTP sample .There are some websites, such as banks, online shopping sites, or other special purpose servers that require extra backend processing before responding to a client request. The CSC SSM has a hard-code 90 second timeout between the client request and the server response to prevent transactions from tying up resources on the CSC SSM for too long. This means that transactions that take longer time to process fail. The workaround is to exclude the site from scanning.Following URL would provide more informations

http://www.cisco.com/en/US/products/ps6120/products_administration_guide_chapter09186a00805f1386.html.

erwinerwinerwin · ‎06-25-2006

i'm using an AIP-ssm10 not a CSC-ssm-x, and blocking connection that i mean is blocking the whole connection (ip/tcp/udp) at next hop router (75% rto).

i'm currently implement asa with no IPS function turned on and it has no problem till now.

and no one from cisco responding to my problem yet...

any other suggestion?