Solved

Decphering ASA Logs

Posted on 2014-07-24
6
54 Views
Last Modified: 2015-10-20
I'm having some issues with my ASA and my Websense.  It seems when I try to use the websense to route out my web traffic pages are not resolving.  I have it set in my browser with proxy settings.  I ran the sniffer via the ASA and I'm getting logs - however I don't understand them.

 577: 08:58:26.605391 websense proxy.53201 > 192.0.72.2.80: . ack 1734268301 win 311 <nop,nop,timestamp 198614750 2765785576>
 578: 08:58:26.605742 websense proxy.53201 > 192.0.72.2.80: . ack 1734269669 win 332 <nop,nop,timestamp 198614751 2765785576>
 579: 08:58:26.605849 websense proxy.53201 > 192.0.72.2.80: . ack 1734271037 win 354 <nop,nop,timestamp 198614751 2765785576>
 580: 08:58:26.606429 websense proxy.53201 > 192.0.72.2.80: . ack 1734272405 win 375 <nop,nop,timestamp 198614751 2765785576>
 581: 08:58:26.606536 websense proxy.53201 > 192.0.72.2.80: . ack 1734273773 win 396 <nop,nop,timestamp 198614751 2765785576>
 582: 08:58:26.607009 websense proxy.53201 > 192.0.72.2.80: . ack 1734275141 win 418 <nop,nop,timestamp 198614752 2765785576>
 583: 08:58:26.607115 websense proxy.53201 > 192.0.72.2.80: . ack 1734276509 win 439 <nop,nop,timestamp 198614752 2765785576>
 584: 08:58:26.607710 websense proxy.53201 > 192.0.72.2.80: . ack 1734277877 win 461 <nop,nop,timestamp 198614753 2765785576>
 585: 08:58:26.607817 websense proxy.53201 > 192.0.72.2.80: . ack 1734279245 win 482 <nop,nop,timestamp 198614753 2765785576>
 586: 08:58:26.607970 websense proxy.53201 > 192.0.72.2.80: . ack 1734280613 win 501 <nop,nop,timestamp 198614753 2765785576>
 587: 08:58:26.608107 websense proxy.57572 > 192.0.72.2.80: . ack 2885826982 win 501 <nop,nop,timestamp 198614753 2765804629>
 588: 08:58:26.608214 websense proxy.57572 > 192.0.72.2.80: . ack 2885828350 win 491 <nop,nop,timestamp 198614753 2765804629>
 589: 08:58:26.608336 websense proxy.57572 > 192.0.72.2.80: . ack 2885829718 win 480 <nop,nop,timestamp 198614753 2765804629>
 590: 08:58:26.608443 websenseproxy.57572 > 192.0.72.2.80: . ack 2885831086 win 469 <nop,nop,timestamp 198614753 2765804629>
 591: 08:58:26.608550 websense proxy.57572 > 192.0.72.2.80: . ack 2885832454 win 459 <nop,nop,timestamp 198614753 2765804629>
 592: 08:58:26.608656 websense proxy.57572 > 192.0.72.2.80: . ack 2885833822 win 448 <nop,nop,timestamp 198614753 2765804629>
 593: 08:58:26.609450 websense proxy.20174 > 192.0.72.2.80: . ack 2210725582 win 517 <nop,nop,timestamp 198614754 2765804645>
 594: 08:58:26.609785 websense proxy.20174 > 192.0.72.2.80: . ack 2210726950 win 556 <nop,nop,timestamp 198614755 2765804645>

I've replaced the IP with the words websense proxy and I was surfing www.nypost.com and clicking on links and getting blank pages.
0
Comment
Question by:WellingtonIS
  • 4
  • 2
6 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40216945
It looks like you've mucked with the logs more than just the IP address.
0
 

Author Comment

by:WellingtonIS
ID: 40217071
NO that's all that there is.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40217171
this is sniffer traffic, what do the asa logs say?

the other data is only one way, were you getting two way monitoring?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:WellingtonIS
ID: 40224300
I haven't check them yet - Let me check and get back to you.  I'm just trying to figure out if my issue is ASA releated, or Websense Related.  Something is stopping the internet pages from resolving.  I know it's not the actual internet because I have a proxy server set up and everything resolves fine though that - it's the same internet.
0
 

Accepted Solution

by:
WellingtonIS earned 0 total points
ID: 41042165
pleasea close this I got the contractor to take care of this.
0
 

Author Closing Comment

by:WellingtonIS
ID: 41066144
contractor took care of this.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Root STP in Cisco switch maintenance 2 46
Cisco Router help 5 51
Configuring routing and ACL for Cisco 891 router 15 43
RDP ISR4321 Cisco Router 7 23
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now