Today I am going to ask for urgent help. The issue started with something and ended up as another. I have updated a firewall image from 8.2 to 8.4.5 and after that the traffic (http, ftp, pop3) was not passing through CSC for the clients behind the ASA. So we were asked by Cisco TAC to upgrade the CSC from version 6.3 to 6.6 (reimage and with 6.6 hotfix). But it didn't solve the problem. Later on we removed the rule to pass through CSC from the global policy, and unfortunately the problem wasn't solved; additionally we are not able to connect with ASDM, but SSH was working to connect to the ASA.
What I have found until now is that there are a lot of TCP dup packet drops. I have done the packet capture in both directions (in and out) and see that very few packets come in, and no payload. Anyway, I have attached those files.
One important thing to tell: I have already shut down the CSC module and now the traffic goes from client->proxy->ASA->router->internet. I have seen the packets on the router and there is no issue on the internet or the router, because there is no packet drop on ICMP and there is no special rule on the router except NAT.
Thanks for your answer. I downgraded the ASA to 8.2 and it didn't solve the issue. Later on I found that the switch between the router and the firewall causes that issue. After removing the switch everything works fine again except the traffic is passing through CSC module. We will do that test next week, because it is a remote location where the problem appears and the people don't want any further tests until this week.