ASR-920 vs HTTPS communication

Calderano · ‎11-23-2023

Hello every one.

I have a part of my network using only ASR-920´s establishing connection over OSPF and BGP. All kind of accsess works (SSH, Telnet, HTTP), but in these days, I´ve needed to integrate a new device with management that works only over HTTPS, and not worked.

I ran the wireshark at the same network as my notebook in one ASR trying to reach the SW SEL-2730M connected at the other ASR, trying to reach https site of mamagement. The results are, in part, below

An information importat: THERE IS NO ACL ON ANY OF THE ROUTER ASR-920

I´ll appreciate any support / help

B. Calderano

MHM Cisco World · ‎11-23-2023

Ip http secure-server <<- are you add this?

Calderano · ‎11-23-2023

@MHM Cisco World thanks for your reply

in both box:

no ip http server
no ip http secure-server

MHM Cisco World · ‎11-23-2023

Can you more elaborate

You need to access https of router or you want to pass https through router?

Calderano · ‎11-23-2023

Of course... I need to access equipment connected to the ASR-920 router... the SE SEL2730 is connected to the ASR, in the same way as a SIEMENS RX1500 router... both with HTTPS access only...

I used two models to find out if the problem could be with the end equipment.

MHM Cisco World · ‎11-23-2023

Duplicate tcp meaning some tcp is drop or there is asymmetric routing.

Https is tcp in base so we need to make traffic symmetric as we could.

MHM

Calderano · ‎11-23-2023

In my scenario, I only have one ASR connected to the other by BGP + OSPF... and the equipment connected to one of these. I believe it is unlikely that we will have asymmetry in this case.

MHM Cisco World · ‎11-23-2023

Ok

Show ip nat statistics

Check if out-to-in count is high or not.

Calderano · ‎11-27-2023

dear @MHM Cisco World in my boxes i don´t have these commands...