Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3821
Views
0
Helpful
1
Replies

SFR requested to drop pkt" msg on ASA when SSL policy used CSCuy32278

collinsjl
Level 1
Level 1

‎04-04-2016 05:39 PM - edited ‎03-12-2019 05:57 AM

The subject line also appears when I have no SSL policy and I directed the traffic to the SFR module.  New install.

Looks like any outbound traffic from the inside destined port 443.

4 people had this problem
Labels:
Preview file
288 KB
0 Helpful
1 Reply 1

Aastha Bhardwaj
Cisco Employee
Cisco Employee

‎04-05-2016 07:08 AM

Hi,

When you are not using SSL policy it is expected that you see those messages because all encrypted traffic like for port 443 , SFR does not understand it and hence requests ASA to drop the packet .


Though the Enhancement that you have mentioned is only valid in case of SSL policy because when we are decrypting/re-encrypting packets we drop the original and inject the newly re-encrypted packet.  So with the ssl policy enabled (and ssl traffic) the SFR requested drop counter in the ASA will increment.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card