Hello! I ran into an issue with client-server traffic over HTTPS which I've been trying to figure out for the past couple of days.
I have a server in the HQ providing services over HTTPS. The client initiates the TLS negotiation with a TLS Client Hello and the packet makes it all the way to the server, which replies back to the client with a Server Hello. The TLS Server Hello reply is visible in a capture on the ASA before being encrypted, but for some reason it never makes it to the other side. Screenshots of the PCAPs from both ends of the tunnel are attached. The port and sequence numbers are off on the 2 ends as they were taken at slightly different times, but the pattern is the same. The client keeps sending the TLS Client Hello, but the Server Hello never makes it back to the Office site.
Does anyone have any idea?
All other traffic is passing through the tunnel OK. At first I thought it might be something with the inspection, but now I just don't know. See the config snippet from the HQ side.
class-map Firepower
 match any
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect netbios
  inspect ip-options
  inspect pptp
  inspect ipsec-pass-thru
  inspect http
  inspect sunrpc
  inspect sqlnet
  inspect icmp
  inspect icmp error
 class Firepower
  sfr fail-open
 class class-default
  user-statistics accounting
!
service-policy global_policy global