This issue is due to the presence of Cisco bug ID CSCsh83148.
In this issue, HTTP connections through the firewall can be slow, stall, or fail completely. This problem is also seen with TCP traffic that is reordered by the firewall, such as:
Traffic subjected to URL filtering
Traffic that matches any inspection on the firewall
Traffic that is sent to a service module (AIP or CSC module)
Out-of-order packets can be received on the outside, which causes packets to be reordered by the ASA TCP normalizer before they are processed further. The reordered packet(s) can have the Timestamp Value incorrectly set to 0, and the connection can be discarded on the CSC.
The workaround for this issue is to use the Modular Policy Framework (MPF) to clear the TCP timestamp option. Complete these required steps in order to accomplish this task:
Create an extended access-list in order to define the traffic.
Create a class map and bind the access list to it.
Create a new policy-map or use a policy-map that currently exists to bind the class-map with it.
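The steps above as an ASA configuration sketch. This is an added example, not configuration from the original page: the object names (TS_CLEAR_ACL, TS_CLEAR_TMAP, TS_CLEAR_CMAP) and the HTTP-only ACL scope are assumptions, and the tcp-map block is included because it is the object that carries the timestamp-clear action the workaround relies on.

```cisco
! Constructed example; all object names below are placeholders.
!
! Step 1: extended access list that defines the affected traffic.
! Scoped to HTTP here (assumption) instead of all TCP, so the
! timestamp option is only stripped where the problem is seen.
access-list TS_CLEAR_ACL extended permit tcp any any eq www
!
! TCP map: instructs the TCP normalizer to clear the timestamp option.
tcp-map TS_CLEAR_TMAP
 tcp-options timestamp clear
!
! Step 2: class map bound to the access list.
class-map TS_CLEAR_CMAP
 match access-list TS_CLEAR_ACL
!
! Step 3: attach the class to the existing global policy map and
! apply the TCP map to connections in that class.
policy-map global_policy
 class TS_CLEAR_CMAP
  set connection advanced-options TS_CLEAR_TMAP
!
! global_policy is applied globally by default; shown for completeness.
service-policy global_policy global
```

After applying it, `show service-policy` shows whether the class is matching traffic. Clearing the option means matched flows lose the TCP features that depend on timestamps (PAWS and timestamp-based round-trip measurement), which is the reason to keep the access list as narrow as the affected traffic allows.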