Http Connection with Video Flow

avburren1
Level 1

Hi,

I am using an ASA 5510 and I have a specific problem with an HTTP connection to receive a video flow (RTSP protocol) in the LAN.

Some PC users (192.168.1.133 in the log) with the ASA LAN interface as gateway can ping the camera but don't receive the video flow.
Some PC users (192.168.1.116 in the log) using another gateway can ping and receive the video flow.

I used Wireshark to capture traffic between the camera and the PCs using the 2 gateways. I attached the logs to this message.

It seems to be a problem with TCP segments on the ASA. I tried changing some TCP options but it's still the same:
- Disable Force Maximum Segment Size
- Enable Force TCP Connection to Linger in TIME_WAIT State for at Least 15 Seconds

Should I enable RTSP inspection, for example? Any other ideas?

Thank You

8 Replies

Maykol Rojas
Cisco Employee

Hi,

Please disable HTTP inspection if enabled and enable RTSP inspection.

Let me know how it goes.

Mike

HTTP inspection is disabled, and I correct my first post: RTSP inspection is already enabled ...

Hi,

I think I didn't understand that; you put it with question marks, so it sounded like you were asking. Now, is the service policy giving you any drops on the RTSP? What can you see in the logs? Were you able to set up an asp drop capture to check if the ASA is dropping any packets?

Mike

Hi,

I saw the logs, but those deny TCP no connection entries were from when the connection was already torn down. Please gather the reason why the first connection is being torn down so we can correlate.

Cheers.

Mike

That's why I am asking here why the TCP connection doesn't work when the PC uses the ASA firewall as gateway whereas the ping is OK.

Wireshark shows:

Acked Lost Segment /  Broken TCP. The acknowledge field is nonzero while the ACK flag is not set

I was wondering if the ASA had security options for TCP connections which explain the denied traffic.

I just saw this in the Cisco documentation:

The following restrictions apply to the inspect rtsp command

The security appliance does not have the ability to recognize HTTP cloaking where RTSP messages are hidden in the HTTP messages.

Could it be an explanation for the problem?
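
The Wireshark note quoted in the post above ("The acknowledge field is nonzero while the ACK flag is not set") describes a condition that can be checked directly on raw TCP headers. The following is an added example, not part of the original thread; the ports, sequence numbers and segments are constructed, and the function names are hypothetical.

```python
import struct

# TCP flag bits from the 16-bit offset/flags word
SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed part of the TCP header of a raw segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF,
            "payload_len": len(segment) - header_len}

def ack_field_without_flag(hdr: dict) -> bool:
    """True when the acknowledgment number is nonzero but the ACK bit is clear."""
    return hdr["ack"] != 0 and not (hdr["flags"] & ACK)

def build_segment(sport, dport, seq, ack, flags, payload=b""):
    """Build a constructed segment with no options (data offset = 5 words)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 8192, 0, 0) + payload

# Constructed flow: ports and sequence numbers are made up for the example
SAMPLE_FLOW = [
    build_segment(50000, 80, 1000, 0, SYN),
    build_segment(80, 50000, 9000, 1001, SYN | ACK),
    build_segment(50000, 80, 1001, 9001, PSH | ACK, b"GET / HTTP/1.1\r\n\r\n"),
    build_segment(80, 50000, 9001, 1019, RST),  # ack field set, ACK flag clear
    build_segment(50000, 80, 1019, 0, RST),     # RST with ack field zero
]

def find_anomalies(segments):
    """Return (index, header) for every segment carrying the anomaly."""
    hits = []
    for i, raw in enumerate(segments):
        hdr = parse_tcp_header(raw)
        if ack_field_without_flag(hdr):
            hits.append((i, hdr))
    return hits

if __name__ == "__main__":
    for i, hdr in find_anomalies(SAMPLE_FLOW):
        print(f"segment {i}: {hdr['sport']}->{hdr['dport']} "
              f"ack={hdr['ack']} flags=0x{hdr['flags']:03x}")
```

Running the same check on segments exported from captures taken on each side of a gateway shows which segments carry the condition on each path.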

Nobody?

I tried to look for other possibilities:

When it works (PC using a different gateway), Wireshark shows this message: TCP segment of a reassembled PDU.
By default, does the ASA accept and fragment frames larger than the MTU size?

And what about the Timeout tcp-proxy-reassembly option?

Thank you

Did you ever get an answer to this?

Thanks