ASA code 9.7

Started by Dieselboy, January 17, 2017, 08:32:21 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3
User actions

Dieselboy

#30
March 12, 2017, 11:55:25 PM
 :eek: >:D :'(

Just another FYI - seems like "TCP state bypass" might have some issues.. My VTI VPN is working but guys in Sri Lanka are getting weird timeouts when trying to connect to stuff. They keep trying and it works. Issue is random, seemed like TCP port exhaustion. Looks like an embryonic timeout is coming into play even though I've set tcp state bypass for traffic flowing through the ASA which matches my site to site subnets.
I have a TAC case open to confirm my tcp state bypass should also mean the embryonic timeout does not come into play. I now have this timeout set to unlimited on the service policy and the issue has gone away (at the moment, but it's barely been 24 hours). I'm still deciding on whether to re-produce the problem to gather the inspections / captures to dig deep.

deanwebb

#31
March 13, 2017, 09:19:46 AM Last Edit: March 13, 2017, 09:21:17 AM by deanwebb
Soooooo... if I hear you correctly... you're saying.... DON'T upgrade to 9.7?

:problem?: <- Your TAC guy will make this face

:rage: <- or this one

when you call in with that call that starts with "I just upgraded to 9.7, and..."
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
Print
Go Up Pages 1 2 3
User actions