cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

261
Views
0
Helpful
10
Replies
Rex Biesty
Beginner

Cannot download from HTTP sites via Internet Explorer

Hello, I have an issue with a newly configured ASA firewall (running v7).

From a client machine (using the ASA as the default gateway) I can download files from sites that use FTP but not from sites that use http. However, if I use Firefox (rather than Internet Explorer) I can download from FTP and HTTP without issue. General browsing works fine in all scenarios.

If I enter our proxy server details into Internet Explorer - downloading is fine also. I want to move away from this config though as the ISA proxy server is in the process of being decomissioned.

Please help

10 REPLIES 10
zulqurnain
Participant

hello,

if you can post your config it will help solving your issue quickly.

As requested - thanks

zubairjalal
Beginner

have you tried putting the inspect on http traffic

Thanks for the reply. I've added the 'inspect http' command to the global policy but alas it's made no difference.

musa19ie
Beginner

it seems to me that you are facing a problem with the tcp MSS, I think that your asa is dropping packets that exceed the mss advertized on the handshake phase, you can add the follwoing code to solve it:

access-list http-list permit tcp any host server_ip eq 80

class-map http

match access-list http-list

tcp-map tmap

exceed-mss allow

policy-map global_policy

class http

set connection advanced-options tmap

I'm afraid that makes no difference either (just hangs on the 'file download' box)

Any more takers? I can't turn off ISA until I have a resolution to this. Thanks.

More info - it actually seems to be related to certain sites rather than protocols i.e. I can download from HP and Dell websites but not Microsoft (though automatic updates is working)

Even more info. We use websense to filter URLs and turning off the filtering enables downloading without issue. I'll need to do a bit more digging into why this is.

We ran into this, too; it appears to be a bug with the Websense integration in earlier 7.x releases. Upgrading from 7.1(2) to 7.2(2) fixed it for us.

Content for Community-Ad