[c-nsp] FWSM problems with one website only

Arne Larsen / Region Nordjylland arla at rn.dk
Fri Apr 8 09:42:20 EDT 2011


Hi all.

I know that it's a bit unfair to ask, but I'll try anyway.
I have a problem with a website, europe.medtroniccarelink.net.
It started on the 18th of February, the exact same day the provider changed his certificate on his ACE modules. Since then I've been seeing strange behaviour from that website.
They have a similar site in the US; this works fine.
I see mal-formatting in the presentation, missing frames, missing links, etc.
At first I was sure that it was the website, but after testing from other locations I can see that it's not.
To get the right access to the website for our users, I ended up doing policy-based routing in front of our firewall service modules towards an ASA-5505, so that all calls to 82.118.95.239 on ports 80 and 443 are relayed to the ASA.
After that everything works fine.
When I did the tracing on the FWSM I could see that it was sending traffic in both directions on the connection, and in Wireshark I could see that both ends ended up asking for each other, and after a while of retransmitting the website sends a reset.
Another odd thing that occurs is that when a VPN IPsec user who has accessed our network calls the website, it normally works fine, though not always.
We are running 3.1.17 on the service modules and they are located in a 6500-E with a WS-X6K-SUP2-2GE running c6sup22-psv-mz.121-26.E3.bin.
I'm really blank here; has anyone seen something like this before?

Regards Arne




