01-25-2011 06:28 AM - edited 02-21-2020 04:13 AM
Hi,
The current version of the ASA firewall is 7.1(2). When inspect http is enabled, opening a secure site like an Axis Bank account or any money market site either displays a blank page or a "page cannot be displayed" error message appears. When I disable this command I am able to access all the secure sites properly. It looks like a bug, but in the release notes I am not finding any bug related to this issue. Please help me resolve this issue.
Amit M.
01-27-2011 10:05 PM
Maybe you should repost this in the section "Firewall".
inspect http does by default nothing to https tcp/443 connections. There must be some other configurations which are different from factory default.
01-28-2011 04:33 AM
Thanks for the reply. When I disable http inspection and try to open the login page for some of the sites, "this page cannot be displayed" appears. I also thought the MSS might be getting exceeded, but found that TCP MSS is not showing in the show asp drop output. Still, I created a class for MSS exceeded and applied it in the global configuration, but it did not work. Later I had to disable the http inspection and it started working. Now the question is: while clicking on the login button it goes from an http to an https page; during this shift from http to https, why does it affect the connection when http inspection is enabled?
Following is the show asp drop output.
Please check
PIXFIREWALL# sho asp drop
Frame drop:
Invalid IP header 10
No route to host 13
Reverse-path verify failed 398846
Flow is denied by configured rule 107075
Flow denied due to resource limitation 35
Invalid SPI 2
First TCP packet not SYN 62706
TCP failed 3 way handshake 1211
TCP RST/FIN out of order 39
TCP packet SEQ past window 1
TCP invalid ACK 1
TCP packet buffer full 209
TCP RST/SYN in window 14
TCP DUP and has been ACKed 10411
TCP packet failed PAWS test 10
IPSEC tunnel is down 137
IP option drop 551
Expired flow 26
ICMP Inspect seq num not matched 1057
ICMP Error Inspect different embedded conn 60
DNS Inspect id not matched 4674
IPS Module requested drop 8
FP L2 rule drop 22988
Interface is down 8
Flow drop:
Flow terminated by IPS 16
NAT failed 13066
Tunnel being brought up or torn down 514
Need to start IKE negotiation 2136
Inspection failure 60