03-20-2014 07:21 AM - edited 03-11-2019 08:58 PM
Hello,
I am having this strange issue with the HTTP traffic passing through the firewall. There are no policies configured on the CX module for web or application filtering; however, when I reload the CX module, the traffic is being allowed through the firewall only during the reload period of the CX module. Also, reading the CX events, it looks like the traffic is passing through fine. Attaching the screenshot.
The ASA5512-X is running 9.1.3 software and I am running the tests with the IPSec VPN client as I am not on the client's site (all the traffic goes through the FW, no split-tunnel). Once on VPN and accessing a website which initially runs on HTTPS and opens fine, there are some URLs inside this website that look like they redirect to HTTP and come back to HTTPS (strangely designed portal but needed for production); on the PC I get a security warning of the information not being encrypted. When trying to open one of those URLs, and after accepting the security warning, the website looks like it keeps loading and loading but nothing happens, and when I disconnect from the VPN this URL opens instantly.
In Wireshark I find this strange error: [Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)] and this is sent from my PC IP address, not the server. Attached the conversation between my PC and the web server from Wireshark.
I already tried modifying MTU and MSS values, also did the workaround according to the issue described in the below URL, nothing helped so far.
What do you think may be happening? I need some guidance on analysis of the packet capture and figuring out what config on the FW could be blocking those HTTP requests. I am desperate to fix this issue and have already spent a few days trying to resolve it.
Thanks very much in advance.
Remi
03-20-2014 11:35 AM
OK, my recent finding is that it is definitely the CX module that is causing the problems. When I set the CX module to "monitor only" it does allow the traffic to pass through.
Anybody with CX configuration experience?
Thanks in advance.