Hello,
I am using a Cisco ASA 5585.
While most of the users can browse one particular website, a few cannot.
I captured packets following the solution provided for "MSS Exceeded" but didn't find any packets captured against the match. So the problem might not pertain to this.
I used packet tracer and found that it is being dropped due to some access-list configuration, though no implicit rule was shown in the context.
The relevant output is reproduced below:
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7ffdae3ab750, priority=500, domain=permit, deny=true
hits=6, user_data=0x7, cs_id=0x0, reverse, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=INSIDE, output_ifc=any

Result:
input-interface: INSIDE
input-status: up
input-line-status: up
output-interface: OUTSIDE
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Now I don't know how to troubleshoot the problem. This is a pressing problem, as the site concerned is one of the most sought-after portals for my users. The website is working fine outside the firewall.
Thank you,
Vivek