Link to home
Create AccountLog in
Avatar of gbnorton
gbnortonFlag for United States of America

asked on

Intermittent https connectivity

This is on a LAN.  Windows 2003 Server domain.  
We connect to the Internet via a Cisco ASA-5505 that is connected to an AT&T Cisco 1800 to a T1.
We operate 24-7  hours.  From about 8am to 4pm each day users have trouble accessing https sites.  This time period is of course when everyone is here and network traffic is its highest. It is very intermittent.  They may not be able to get to a site one minute and the next they can.  They are also disconnected from https sites.  I believe it is a timeout issue.   The problem rarely shows up in http sites.  
 
We have about 20 switches in two buildings.  I completely shut down the network to the building VMI North.  The problem was still here.  In the other building, VMI South, one by one, I disconnected each switch from the network.  The problem never went away.  
 
I swapped out the main switch that connects to all the servers and switches.
 
So I don’t think I have a single switch that is the problem.  I also don’t think I have a single device connected to a switch that is the problem.
 
We have checked and double checked that we are clean of viruses or malware.
 
This problem showed up about 3 weeks ago.   Naturally, we(IT) can’t think of a thing we’ve changed that could be the cause…
 
We have IP monitor from SolarWinds and I have been able to look very closely at Interface Traffic per port on every switch.   Nothing shows up at 8am that we can see.

The problem shows up in both buildings.

Thanks,
Brooks
Avatar of Ernie Beek
Ernie Beek
Flag of Netherlands image

Did you also monitor the ASA? The 5505 seems like a small firewall for what looks like a fairly large network. Then again, I assume you are using the asa for a longer period than those three weeks....
Check protocol (security) settings etc in your users browsers.  I have both SSL 3.0 and TLS 1.0 checked.  I have no problem connecting to my bank.
ASA come with a 10, 50 and unlimited user license.

See this article
http://www.tech21century.com/cisco-asa-5505-user-license-explained/

You probably need a license upgrade.  This is a very, very common problem on EE.
Avatar of gbnorton

ASKER

The problem was solved by replacing the ASA with an identical one.  I don't know what is wrong with the original one yet.
The new one probably has a bigger user license.
I'll check that.
Thanks.
ASKER CERTIFIED SOLUTION
Avatar of gbnorton
gbnorton
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
thanks for the comments