Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
5439
Views
0
Helpful
1
Replies

Proxy inspector drop reset

Richard Dumag
Level 1
Level 1

‎12-20-2012 11:22 AM - edited ‎03-11-2019 05:39 PM

Outside users with certain public ip addresses are not able to access our website.  Below is a log from our ASA 5550 8.2(5)  on one of the clients that's being dropped.  Packet trace result shows that the outside public addresses are allowed. 

We do have a TAC case open but wanted to also check the forum if anyone had ran in to this issue before.   Any comment is appreciated.

                  

4              Dec 19 2012        15:40:15               507003  xxx.xxx.x.2     23348    xxx.xxx.88.1       80           tcp flow from outside:xxx.xxx.xxx.2/23348 to DMZ:xxx.xxx.xx.1/80 terminated by inspection engine, reason - proxy inspector drop reset.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Kureli Sankar
Cisco Employee
Cisco Employee

‎01-13-2013 11:17 AM

This looks like port 80 traffic. Do you have http inspection enabled? If so, you can try to remove http inspection and see if the client is able to load the website hosted behind the ASA.

conf t

policy-map global_policy

class inspection_default

no inspect http

-Kureli

https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts

Upcoming Live Webcast in English: January 15, 2013
Troubleshooting ASA and Firewall Service Modules

Register today: http://tools.cisco.com/squish/42F25

0 Helpful
Review Cisco Networking for a $25 gift card
Top