Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5846
Views
0
Helpful
21
Replies

Many TCP retransmissions on Cisco ASA Log to a specific website.

rbarreto_p
Level 1
Level 1

‎01-09-2017 01:00 PM - edited ‎03-12-2019 01:45 AM

Hi everyone. 

I am stuck on a problem for several days and could not solve it so far. When I try to access a specific website, a timeout error occurs on browser. Tried to open wireshark to analyze the packet and could see many TCP retransmissions. It happens on Ciso ASA Capture as well.

The IP address of the website appears on Top 10 Protected Servers under SYN Attack on ASA Firewall Dashboard. (I do not know why, because it is a corporate website hosted outside our LAN).

I am able to open the website from everywhere, except from the company LAN. We have already checked proxy settings, DNS and everything looks fine.

Also we are able to open the website through browser with no problems, but the problem happens a few seconds later.

Attached a wireshark capture from internal host to the web site.

Thanks in advance.

3 people had this problem
Labels:
Preview file
194 KB
0 Helpful
21 Replies 21

rbarreto_p
Level 1
Level 1
In response to Pranay Prasoon

‎01-11-2017 09:31 AM

I already did that and could open the website with no problems. That is really strange indeed!

Thank you.

0 Helpful

Pranay Prasoon
Level 3
Level 3
In response to rbarreto_p

‎01-13-2017 01:40 AM

As I said, this doesn't look ASA issue, However, could you please open a TAC case if want this to be investigated further.

You can try tcp statte bypass for this particular connection and see if that helps.

0 Helpful

rbarreto_p
Level 1
Level 1
In response to Pranay Prasoon

‎01-13-2017 04:57 AM

OK, Pranay.

Thank you for your assistance. 

Regards.

0 Helpful

rbarreto_p
Level 1
Level 1
In response to Pranay Prasoon

‎01-13-2017 06:23 AM

I have created  TCP state bypass only for the specific website IP address but the problem was not solved. I will try to open a TAC case. 

Thanks. 

0 Helpful

rbarreto_p
Level 1
Level 1
In response to Pranay Prasoon

‎01-11-2017 01:20 PM

So when I connect the link back to the ASA I cannot access the website again from the internal hosts. The problem is the same as before. When the link is  connected directly to my laptop, I can access the website. .

Thank you.

0 Helpful

Farhan Mohamed
Cisco Employee
Cisco Employee

‎01-11-2017 05:01 PM

Really strange...Can you plug ISP EMBRATEL directly in a laptop with same IP as currently assigned to ASA  and try to access this specific website. I am still not sure if ASA is the problem. 

0 Helpful

rbarreto_p
Level 1
Level 1
In response to Farhan Mohamed

‎01-12-2017 05:00 AM

Hi Farhan. I did exactly what you said and was able to access the website. When I connect the same link to ASA, cannot access the website again. (SYN timeout).

Regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card