Hello,
we have a weird case with asa 5525 - No URL filter in place.
When trying to access github.com from any computer from the inside network by using Mozilla or Firefox or SSH command from linux server - it fails. But works fine over IE with no issues.
There are no browser issues as when rerouting traffic bypass the firewall - all works fine.
Also, there is no DENY events in the logs as I can see that traffic going in and out.
On Client side I did a pcap and this is how it looks like:
2303151 249134.647628 192.168.30.30 192.30.255.113 TCP 55 [TCP Keep-Alive] 51064 → 443 [ACK] Seq=517 Ack=1 Win=262144 Len=1
2303152 249134.647970 192.30.255.113 192.168.30.30 TCP 60 [TCP Keep-Alive ACK] 443 → 51064 [ACK] Seq=1 Ack=518 Win=66048 Len=0
2306166 249154.668824 192.168.30.30 192.30.255.113 TCP 55 [TCP Keep-Alive] 51064 → 443 [ACK] Seq=517 Ack=1 Win=262144 Len=1
and so on.
My question is - why it is working only on IE but not on Chrome/Firefox based browsers?
When I doing a "Package trace" it is showing that everything is perfect and packages going through from inside port to outside and nothing is blocking it.
The diagram is as follow:
PC => Switch L2 => Switch L3 ( 0.0.0.0 to 192.168.1.2 FW ) => ASA 5525 => Switch L2 => ISP = Fail
When removing Firewall - diagram looks like this:
PC => Switch L2 => Switch L3 => Switch L2 => ISP = Pass
Everything is pointing to firewall :|
What else should I check/ try ? We do not have access over SSH - only ASDM.