10-15-2009 07:38 AM - edited 03-11-2019 09:26 AM
Hi, we have a Cisco ASA 5505 FW running in our production environment and the OS version is 8.04. Since we upgraded the IOS from 7.2 to 8.04, we have been experiencing a strange issue: our production web servers are placed in the DMZ zone and mapped to a public IP by NAT. The HTTP and HTTPS ports are open for outside users to access the website and it's working fine, but sometimes users face an outage on the webpage for a couple of seconds, and it works again after 2 seconds. To investigate the issue, I installed firewall log analyzer software, and I see that many packets are being denied for the internal web server, which is really strange.
Can anyone explain why it's happening, or is it a bug of the 8.04 release?
Thanks
10-15-2009 02:32 PM
If the issue only happened for 2 sec, it might be very hard to catch it. Can you check the following?
1. ASA CPU and memory utilization.
2. The related interface, to see if there is a drop count incrementing.
3. Check the related switch port as well to see if there is drop count incrementing.
10-16-2009 06:02 AM
The ASA CPU and memory utilisation is normal, but what do we need to do in order to check the second and third options that you marked?
Please explain the way to test it.
Thanks
10-16-2009 09:11 AM
"show interface" command on both Cisco switch and ASA should tell you the count. Just check to see if there is any error count incrementing.
If the problem happens for just 2 sec but very often, you can do a packet sniffer as well to see if it is caused by packet drop.
For packet sniffer, you can use "capture" command on ASA or do a span capture on switch...
10-17-2009 04:35 AM
Hello,
The web servers are directly connected to an unmanaged switch, and that switch is connected to the ASA inside interface. I have checked the interface status and no packets are being dropped.
One issue I would like to explain here: the same site is connected to our office via an STS tunnel, and when we work on remote servers through Remote Desktop (TCP/3389), RDC sometimes disconnects intermittently, but after a couple of seconds the same session starts again.
Please verify what the issue could be. Thanks.
10-19-2009 11:31 AM
Can anyone respond?
Thanks:)
10-20-2009 06:42 AM
?
10-20-2009 08:26 AM
As I mentioned earlier, I would suggest you do the capture/sniffer on both the outside and DMZ interfaces at the same time. By comparing the two packet captures, we should know if there is a drop in the ASA. Then we need to check the log, some show commands, etc. to figure out why the packet was dropped.
I would suggest you open a case with TAC to troubleshoot this further.
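An added example, not part of the thread: one way to do the comparison suggested in the last reply once both captures are saved in classic pcap format. The addresses, ports and packets are constructed sample data, and the matching key assumes the firewall leaves the IP ID of forwarded packets unchanged.

```python
import socket
import struct

def read_pcap(data):
    """Yield (timestamp, frame) from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap")
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def client_key(frame, server_ports=(80, 443)):
    """Key a client->server TCP segment on fields destination NAT leaves alone.
    Assumption: the firewall preserves the IP ID; sequence numbers are not used."""
    if (len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6
            or len(frame) < 34 + (ihl := (frame[14] & 0x0F) * 4)):
        return None                             # not a complete Ethernet/IPv4/TCP header
    total_len, ip_id = struct.unpack_from("!HH", frame, 16)
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    if dport not in server_ports:
        return None                             # only the inbound direction
    tcp_hdr = (frame[14 + ihl + 12] >> 4) * 4
    return (socket.inet_ntoa(frame[26:30]), sport, ip_id,
            frame[14 + ihl + 13], total_len - ihl - tcp_hdr)  # ..., flags, payload len

def missing_on_dmz(outside_pcap, dmz_pcap):
    """Return (timestamp, key) for segments captured outside but never seen on the DMZ."""
    seen = {client_key(f) for _, f in read_pcap(dmz_pcap)}
    return [(ts, k) for ts, f in read_pcap(outside_pcap)
            if (k := client_key(f)) is not None and k not in seen]

# Constructed sample data (not from the thread): three client segments, one lost.
def _frame(src, dst, sport, dport, ip_id, flags, payload=b""):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), ip_id, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in frames:
        out += struct.pack("<IIII", int(ts), int(ts % 1 * 1e6), len(f), len(f)) + f
    return out

CLIENT, PUBLIC, REAL = "198.51.100.7", "203.0.113.10", "192.168.10.10"
SEGS = [(100.0, 1, 0x02, b""), (100.5, 2, 0x10, b""), (101.0, 3, 0x18, b"GET / HTTP/1.0\r\n\r\n")]
OUTSIDE = _pcap([(t, _frame(CLIENT, PUBLIC, 40000, 80, i, fl, p)) for t, i, fl, p in SEGS])
DMZ = _pcap([(t, _frame(CLIENT, REAL, 40000, 80, i, fl, p)) for t, i, fl, p in SEGS[:2]])
```

The timestamps of the segments returned by `missing_on_dmz` can then be lined up with the deny entries in the firewall log for the same seconds.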