Avatar of cnetwiz
cnetwizFlag for United States of America

asked on 

Changes Caused Necessity to Restart Firewall

Hello Experts,
Have a WHY question...  ASA Firewall with IDS.   Connections to External Internet, Internal DMZ Zone, Internal Router.  
The DMZ Zone has 3 servers.  2 dns and 1 web.   Over the weekend, Virtualized these 3 servers to one new server and disabled the switch ports of the 3 servers.  
Accessing a Test computer in the DMZ Zone,  tested accessibility to the new VS, DNS VS and Web VS  Everything worked Perfectly.   Access all websites from DMZ Web Server, and Outside Internet sites.
HOWEVER,  No Accessibility to Webserver from Outside World.  DNS Traffic Gets Thru.  Can Remote Desktop to all DMZ Servers from Management Network.    Everything execpt http traffic is not working.    "Server Not Available" is the Internet Explorer Error.  
After Hours of Troubleshooting finally shook my head and restarted ASA.   Now Everything works Perfectly and Everythign is Accessible.    MY Question .   What would cause the ASA to deny http traffic when I switch the 3 Servers to VS and upon restart allow traffic  ????
Hope I explained my case well.   Any Thoughts would be appreciated.
CiscoInternet ProtocolsMicrosoft Virtual Server

Avatar of undefined
Last Comment
Avatar of ullas_unni
Flag of India image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of cnetwiz
Flag of United States of America image


That is interesting that you thought of ARP.
Thinking the process thru, there could really be no reason why packets would be denied unless the ASA is receiving an ARP packet and the MAC address is different than the ARP Cache entry.

The packet is legitimate, however, the Firewall could interpret it as an ARP attack.

Thank you for allowing me to bounce the idea off you guys.   It makes sense..

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo