ASA IPS Transparent Design Solution Needed

I have a query on IPS deployment. I have a customer with the following setup.
One internal Cisco L3 switch connects to ---> two 5520 ASA firewalls in HA mode (active/standby), which connect to another private network.
Now I am asked to put an ASA 5525-X series IPS between the L3 switch & ---> the two ASA firewalls.
What are the implementation options available without touching any config on the L3 switch or the two 5520 ASA firewalls?
Can I set this up in a transparent mode?

You originally stated that you wanted to place an ASA5525-X between the external L3 switch and a HA pair of existing ASA5520 firewalls. That would place the ASA5525-X on the exterior of your HA firewalls.
The "best option" depends on cost and product support.
Replacing your ASA5520 firewalls with 5525-X firewalls seems like an expensive way to get IPS functionality.
You could find some AIP-SSM modules. End of sale was March 2013, so you'll have to buy some used. Put them into your existing 5520s. You can still get almost 5 years of licensing and support from Cisco on them: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/eol_C51-727284.html
Even an ASA with an IPS feature (either in software or hardware) in promiscuous mode will still interrupt traffic if you are passing traffic thru it upon some failures. The way around that would be to use a Tap or do a spanning port on your L3 switch.
Alternately you could place an inline IPS in the stream of traffic with an external FailOpen switch to divert traffic around an IPS sensor that is down.
- Bob

Similar Messages

  • J2EE Architectural Design Solution Needed

    Hi,
    I am coming up with an issue in designing the application architecture. It would be great if someone could suggest a solution for the problem.
    The basic flow of application:
    1. Client initiates a transaction from a Portlet.
    2. Portlet invokes business service component (Coarse grained Stateless Session Bean) by passing XML document.
    3. Coarse grained SLSB processes the incoming XML and invokes local session beans by passing relevant Document objects built by using service API.
    4. Based on Incoming Message, message splits and placed on multiple destinations (Linked by Message Queues) hosted on Enterprise Service Bus (ESB).
    5. A Message driven bean listens to the incoming request at Queue and invokes external services/Web services
    6. Response xml is built and placed Response Queue in ESB by invoking business service API.
    6. A MDB listening to the Response Queue will process outgoing messages which needs to be routed to original request invoker.
    The Messages are linked with correlation ID and request and response are tied by some rules and business logic.
    The design problem I am facing now is, how does my client wait till the response comes from the response queue, as the application needs to give the response to the client in a synchronous manner.
    The other issue is that some of the incoming requests need to be executed (placed in the queue) in an orderly fashion and run in a transaction. (I am trying to process them as command lists in a prototype using Message sets and flows in MQ, but are there any implications if I try to push this logic to the J2EE container?)
    Thanks,
    Madhu Palutla

    I think that you need not worry about the client waiting for the response, since this is a simple request-response cycle and is synchronous; thus the invoker needs to wait for the response anyway.
    Secondly, I hope that you would definitely carry points 4, 5, and 6 (the actual 6) in a transaction; the option to choose programmatic or declarative always remains with you.

  • Need help with LAN Architecture - ASA/IPS, and ISR placement

    Dear friends, I am new to Cisco community, had no previous experience with managed networks and desperately need an advice setting up a LAN for my small business. Here is what I did so far:
    ASA w IPS is facing internet, has a webserver connected to DMZ and then ISR on the inside interface. ISR is used for running CCME/CUE VOIP and VLAN NAT. Switch is connected to the ISR with a trunk interface. I setup multiple VLANs with ACL to separate engineering/management/sales/fileserver. Inter VLAN routing is enabled on the switch to allow Gigabit routing from the Fileserver VLAN to the Engineering VLAN.
    I know this is probably overkill for a 4 people company, but my objective is to be ready for possible attacks from both outside and inside and to ensure business continuity and minimal service interruptions.
    My question: would it be more practical to connect the ASA directly to the switch and do VLAN NAT on the ASA instead of the router? This way if the router fails, I lose VOIP but not Internet, and if the ASA fails, I only lose Internet, while phones will stay operational. This approach should also let me use the ASA IPS to monitor inter-VLAN traffic, so if 1 of the user PCs gets infected, hopefully the IPS will contain the damage to a single VLAN.
    What would experienced network architect do in my case? Any suggestions?
    Please, forgive me if I misunderstood something or did something silly, as this is my first network setup (not including household grade routers)
    Thank you very much in advance!

    Thank you for your response!
    I still keep debating if it has any advantages to use a Router in between ASA and the switch, or should I connect switch directly to ASA, so the only function of the router is to run VOIP?
    I saw multiple network diagrams which all had a border router, then ASA then switches. In my case router runs VOIP and I would want it to be behind ASA. Any benefits of running internet traffic through both ASA and a router?
    For redundancy, we can’t really afford 2nd ASA at this time, for now I would want to make sure there is as little chance as possible that both phones and internet go out simultaneously. 

  • ASA in transparent mode and IP addresses

    Hello,
    I need to put an ASA in transparent mode.
    Our router (managed by the carrier) routes more than one public IP class in a single VLAN.
    In the "Cisco Security Appliance Command Line Configuration Guide", under "Transparent Firewall Guidelines", it's written: "Each directly connected network must be on the same network".
    Does this also mean that I can have ONLY ONE subnet that flows from the outside and the inside, or can I have more than one class?
    If I can have only one class, is the only solution to use multiple contexts (and separate each class onto different interfaces)?
    Thanks a lot

    The ASA in transparent mode works at layer 2. So it really does not care if the traffic that flows through it is from different subnets, as long as the L3 devices it connects to know how to reach these subnets. The ASA in transparent mode is basically a bump in the wire (a bridge), and for that reason you can only use 2 interfaces on the ASA in a transparent implementation.
    P.S. When people see attitude in your threads, they will refrain from answering your question. That's for future reference.

  • New to IPS, what do I need to plan before I turn this on?

    Hi, I have an ASA 5520 AIP-SSM 10. I'm having a consultant in to enable and upgrade our IPS on our ASA from 1.5 to 1.6 so it's integrated into the ASDM (sounds difficult). He said I need to plan what policies we need to enable for the interfaces and DMZs etc.
    This is very new to me and I wondered if this is right, as it sounds bigger than I first thought. Basically I want my network to be as secure as possible, and turning on the IPS we bought is needed.
    Any advice, links etc. would be most welcome.

    Go to cisco.com, put this into the search field, download the pdf and read all 799 pages.
    Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 6.0
    Sorry to be the bearer of bad news, but that is the only way to truly understand this enigmatic box.
    Matt

  • Transparent design with router on both sides?

    I am looking to solve a design which has to work in two scenarios. Preferably with an in-line solution.
    1. Transparent design with VRF on both sides:
    FW-VRF (Subnet A)
          |
          | (VLAN 11)
          |
       ACE (Subnet A)
          |
          | (VLAN 12)
          |
    LAN-VRF
          |
          | (VLAN 13)
          |
    Real servers (Subnet B)
    2. Transparent design in plain bridge mode
    FW-VRF (Subnet A)
          |
          | (VLAN 11)
          |
       ACE (Subnet A)
          |
          | (VLAN 12)
          |
    Real servers (Subnet A)
    As mentioned, I am aiming for a single design for both scenarios. A routed design will not pass in the first scenario and a one-arm solution will be inefficient in the second scenario. (both due to existing infrastructure) Is it possible to solve this with a transparent solution in both scenarios? I can't seem to get it to work.
    Thanks in advance for any help!

    I'm gonna expand my question a bit as I cannot seem to get a working config in scenario 1. From the ACE I can ping the VRFs on both sides of the ACE. On the other hand, I cannot ping either the BVI address of the ACE or one VRF from the other. Can anyone notice any immediate errors in my config? Thanks in advance for any help!
    Addresses:
    10.3.66.1 - FW_VRF on client side
    10.3.66.6 - LAN_VRF on server side
    10.3.66.7 - BVI if on ACE
    ===Admin===
    resource-class TEST_res
    limit-resource all minimum 10.00 maximum unlimited
    boot system image:c4710ace-mz.A3_2_0.bin
    hostname 4710Appl
    interface gigabitEthernet 1/1
    description Management port
    switchport access vlan 752
    no shutdown
    interface gigabitEthernet 1/2
    description Client side LAN
    switchport trunk allowed vlan 2522
    no shutdown
    interface gigabitEthernet 1/3
    description Server side LAN
    switchport trunk allowed vlan 2524
    no shutdown
    interface gigabitEthernet 1/4
    shutdown
    access-list BPDU ethertype permit bpdu
    access-list ALL line 8 extended permit ip any any
    access-list everyone line 8 extended permit ip any any
    access-list everyone line 16 extended permit icmp any any
    class-map type management match-any REMOTE_ACCESS
    description Remote access traffic match
    2 match protocol ssh any
    3 match protocol icmp any
    4 match protocol snmp any
    policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
    class REMOTE_ACCESS
    permit
    interface vlan 752
    description Management VLAN
    ip address 10.7.52.63 255.255.255.0
    service-policy input REMOTE_MGMT_ALLOW_POLICY
    no shutdown
    ip route 0.0.0.0 0.0.0.0 10.3.66.1
    context TEST_context
    allocate-interface vlan 752
    allocate-interface vlan 2522
    allocate-interface vlan 2524
    member TEST_res
    context TEST_context_routed
    username admin password 5 $1$bale5EiS$bEdquz.bbcW3wRcfeSzbu/  role Admin domain default-domain
    username www password 5 $1$bsOdgxav$1uywtkwFEj3QalKaOTrkZ1  role Admin domain default-domain
    ssh key rsa 1024 force
    ===Application context===
    access-list ALL line 8 extended permit ip any any
    access-list ALL line 16 extended permit icmp any any
    class-map type management match-any REMOTE_ACCESS
    description Remote access traffic match
    2 match protocol ssh any
    3 match protocol icmp any
    policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
    class REMOTE_ACCESS
    permit
    interface vlan 752
    ip address 10.7.52.64 255.255.255.0
    service-policy input REMOTE_MGMT_ALLOW_POLICY
    no shutdown
    interface vlan 2522
    description Client side VLAN
    bridge-group 1
    access-group input ALL
    access-group output ALL
    no shutdown
    interface vlan 2524
    description Server side VLAN
    bridge-group 1
    access-group input ALL
    access-group output ALL
    no shutdown
    interface bvi 1
    ip address 10.3.66.7 255.255.255.240
    no shutdown
    ip route 0.0.0.0 0.0.0.0 10.3.66.1

  • Design Help Needed Desperately

    Okay... I am trying to solve this problem but no ideas are popping into my head. I will explain my current design and if anyone has any solutions please let me know. The design may need to be reworked.
    Currently I have an index.html page split in 3 (A left and right, but the left frame has a top and bottom)
    The left top frame has input boxes. I am sending that information to a servlet that creates a webpage to go into the bottom box.
    Based on the information that the servlet receives I also want to update the bottom left with an image dynamically.
    Any ideas.... Should I use JSP in anyway ?
    Thanks in advance.

    Use javascript to tell the bottom frame to reload, getting the new image

    Okay, someone at work told me this method... something like including the javascript inside the onload= of the HTML body tag of the right frame, so when it loads the bottom left will reload. Can the bottom left page be a static HTML page? If so, how will I change the picture? If I make it a JSP page or something, can I just share a variable with the servlet?

  • Cisco ASA IPS vs Bruteforce

    Who can help me? I need a device that will block brute-force attacks on our webmail servers: 5 wrong password inputs = block for 10 min, for example.
    Can I use Cisco ASA IPS for this?

    Depending on how your specific webmail server works, perhaps you could use/tune:
    SIG 6256.0 (HTTP Authorization Failure)
    -or-
    SIG 20020.0 (HTTP Authentication Brute Force Attempt)
    Or, create a custom signature based off of one of the above.
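
The policy asked for in the question (5 failed logins, then a 10-minute block), modelled over constructed web-server access-log lines as an added example; it is not Cisco IPS signature logic or code from the thread. The log format, the `/webmail/login` path, HTTP 401 as the failure signal and the 5-minute counting window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                     # from the question: 5 wrong passwords
BLOCK_FOR = timedelta(minutes=10)    # from the question: block for 10 min
WINDOW = timedelta(minutes=5)        # assumption: failures must fall within 5 min
LOGIN_PATH = "/webmail/login"        # hypothetical login URL

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def evaluate(lines):
    """Replay log lines in order; return (blocks, dropped).

    blocks  -- list of (ip, block_start, block_end)
    dropped -- login attempts that arrived while their source was blocked
    """
    failures = defaultdict(deque)    # ip -> timestamps of recent 401s
    blocked_until = {}               # ip -> end of the current block
    blocks, dropped = [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                 # unparseable line: ignore, do not guess
        ip, ts, _method, path, status = m.groups()
        if path != LOGIN_PATH:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked_until and when < blocked_until[ip]:
            dropped += 1             # still blocked: not counted again
            continue
        if status != "401":
            continue                 # only failed authentications are counted
        recent = failures[ip]
        recent.append(when)
        while recent and when - recent[0] > WINDOW:
            recent.popleft()         # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            blocked_until[ip] = when + BLOCK_FOR
            blocks.append((ip, when, when + BLOCK_FOR))
            recent.clear()           # counting starts fresh after the block
    return blocks, dropped


def _line(ip, hhmmss, status):
    return (f'{ip} - - [12/Mar/2014:{hhmmss} +0000] '
            f'"POST {LOGIN_PATH} HTTP/1.1" {status} 0')


# Constructed sample: one guessing source and one user who mistypes once.
SAMPLE = [
    _line("203.0.113.7", "10:00:01", 401),
    _line("203.0.113.7", "10:00:03", 401),
    _line("203.0.113.7", "10:00:05", 401),
    _line("203.0.113.7", "10:00:07", 401),
    _line("203.0.113.7", "10:00:09", 401),    # fifth failure: block starts
    _line("203.0.113.7", "10:00:11", 401),    # arrives while blocked
    _line("198.51.100.20", "10:01:00", 401),
    _line("198.51.100.20", "10:01:20", 200),
    _line("203.0.113.7", "10:05:00", 401),    # arrives while blocked
    _line("203.0.113.7", "10:10:30", 401),    # block expired: counted as 1st
]

if __name__ == "__main__":
    found, dropped_count = evaluate(SAMPLE)
    for ip, start, end in found:
        print(f"block {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
    print("attempts dropped during a block:", dropped_count)
```

Non-401 responses are deliberately not used to reset the counter, because a client could otherwise clear its own failure count with any successful request to the same path.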

  • CSM / ASA IPS -- upstream signature package includes hundreds of retired signatures

    When I push new signatures that CSM downloads and applies for me, I get hundreds of retired signatures.  I have tried to wipe signature policy and create fresh and anew - it seems as if CSM isn't marking 'new' signatures for application to existing signature configuration files.  The deltas between previous versions do not get applied.
    Is this a common occurrence for other people running CSM?

    Hi JP,
    The signatures need to be enabled and unretired for them to function.
    The following FAQ described this process in detail:
    http://www.cisco.com/web/about/security/intelligence/ips_sig_faq.html#2
    Hope this is helpful.
    Regards
    Neil Archibald
    IPS Signature Development Team

  • Asa 5505 transparent firewall issue

    Hi, I have a UC560 with voice and data VLANs and a 3560 layer 3 switch, and my network is working fine; DHCP for both voice and data is running on the UC560.
    Now I have added an ASA 5505 between the UC560 and the switch in transparent mode, meaning from the UC560 to the ASA 5505 outside interface and from the ASA inside interface to the switch.
    I configured VLAN 1 as inside and VLAN 2 as outside on the ASA 5505.
    On my UC560, data is VLAN 1 and voice is VLAN 100.
    When I connect my network through the transparent mode firewall, no DHCP and no phones are working, but if I remove the ASA and connect the UC560 to the switch, everything is fine.
    Is there any way to make multiple voice and data VLANs work with the ASA 5505 in transparent mode?

    Hi rojas,
    here is my problem:
    my internet and voice are all connected to the UC560, so what I am doing is connecting the firewall outside to the UC560 trunk port and then the inside to my switch.
    When I connect to my switch, it gives the message inconsistent VLAN and the port is blocked, and my phones are not working.
    My data VLAN 1 is 192.168.123.x
    and my voice VLAN 100 is 10.1.1.x
    and the firewall IP is 192.168.123.3

  • I have a MacBook Pro 13.3 OS- MAC OS X LION. Whenever I am starting the computer, it says You need to restart your computer by pressing the power button. I did this a number of times and every time it freezes to the same screen. Solution needed urgently pls.

    I have a MacBook Pro 13.3 OS- MAC OS X LION.
    Whenever I am starting the computer, it says You need to restart your computer by pressing the power button.
    I did this a number of times and every time it freezes to the same screen. Solution needed urgently pls.
    Thank you for any help in this regard that comes fast.

    The details of the kernel-panic report is as follows-

  • Solution needed for Blocked material problem

    Hi Guys,
    Scenario: There are two plants in a Location (Plant A & B) and a Customer. Now the Material is blocked so that after the sales order the material will not be allowed to move from Plant A to B, and the material will also not be moved to the customer end.
    Solution needed: I need to move the blocked material from Plant A to Plant B, but the material shouldn't be transferred to the customer end.
    How should I proceed for this problem?
    Regards
    Jino.

    hi,
    There's a functionality in the material master: in the MRP view you could define the plant-specific material status, where you could define the status, and you could even find it in the Sales organisation data, where you could block for the particular functionality...
    Please check that and define it as per your requirement, and try.
    Hope this helps u out
    Regards,
    sravanthi
    Edited by: Sravanthi683 on Jun 22, 2009 1:45 PM

  • Oracle UCM/IPM Issue - Urgent Solution needed

    Hi folks,
    Solution needed for the below problem in oracle IPM/UCM cluster .
    General Scenario :
    The document checked in Oracle UCM can be viewed through IPM Viewer only if the security group of the document is set to a IPM Profile .
    The IPM Profile is created in Oracle UCM Configuration Manager Component whenever a application is created in IPMServer .
    Issue in Clustering :
    IPMApplication created in host 1 is creating profile in UCM Component Manager of host 1 but not in UCM Host2 component manager (Vice Versa).
    This affects url generations of checked in documents through proxy since the IPM profile is not available in cluster.
    Scenario :
    IPM MetaData UCM Component Manager(Profile)
    Host1 Host2 Host1 Host2 Host1 Host2
    IPM_APP_1 Visible Visible Visible Visible Not Visible
    Visible IPM_APP_2 Visible Visible NotVisibe Visible

    hi
    Error Message is- "Invoiced quantity is greater than mother invoice quantity".
    this error means your Depot invoice quantity is high, please check your mother invoice quantity, it means branch invoice quantity, and depot invoice quantity is different, so please check both invoice quantities,
    and also check you migo,
    ME21N-VL10B-VL02N-VF01-J1IIN-MIGO-VA01-VL01N-J1IJ-VF01, in this process you can do J1IG , Its process
    me21n-vl10b-vl02n-vf01-j1iin-migo-j1ig-va01-vl01n-j1ij-vf01, this is process of depot sales, so please check this process

  • Please help me with portfolio.I am new in graphic design.I need portfolio done immediately soon as possible otherwise my design advisor will not let me register for fall. I need 15 or 10 artworks to show.Please help me

    Please help me with portfolio.I am new in graphic design.I need portfolio done immediately soon as possible otherwise my design advisor will not let me register for fall. I need 15 or 10 artworks to show.Please help me.

    Farooq,
    If you look at the first one, you should be able to align quite easily as follows, View>Smart Guides being your friends:
    1a) ClickDrag the top flower with the Selection Tool (black arrow) so it is clear of the pointy part;
    1b) Click an empty spot on the Artboard to deselect, then ClickDrag the top flower by its bottom Anchor Point (Smart Guides say anchor when you are close enough to grab it) down to snap to the top Anchor Point on the pointy part (Smart Guides say anchor when you are close enough);
    1c) Do the same for the bottom flower.
    If you look at the third one, to get the triangles and the hexagon sized and aligned precisely, you may, creating them with stroke and no fill:
    3a) Click with the Polygon Tool and select a suitable/chosen Radius and 6 Sides, then Object>Transform>Rotate by 30 degrees (or use the Rotate option in the Transform palette), you may Object>Transform>Reset Bounding Box to have it look nicer;
    3b) Click with the Polygon Tool and select the same Radius and 3 sides, then deselect and ClickDrag the top Anchor Point to snap to the top Anchor Point of the hexagon;
    3c) Object>Transform>Rotate by 180 degrees clicking Copy, deselect, and ClickDrag the bottom Anchor Point to snap to the bottom Anchor Point of the hexagon;
    3d) Select all and Ctrl/Cmd+G to Group (for alignment purposes, you will know why if you try without grouping, see below).
    To create full symmetry, you may use circles rather than almost circular ellipses; you may:
    3d) Click with the Ellipse Tool and select a suitable/chosen Width = height;
    3e) Object>Transform>Move a copy vertically by the Height (= Width) twice (or you may Ctrl/Cmd+D to repeat), to get three circles over one another with no gaps;
    3f) Select the topmost and bottommost ones and Object>Transform>Rotate a copy by 120 degrees twice, to have all the seven circles precisely touching one another; you may Group them, but it is not necessary.
    To have everything aligned, just:
    3g) Select everything and click Vertical Align Center and Horizontal Align Center in the Align palette; you may click the pointy group or the circles once more before aligning if you want to keep it in place (that will make it the key object that the other set is aligned to).
    These ways may also help you further.
    Edit: About half an hour after midnight here. High time to attend to other duties, before the sun is up.

  • Websockets TCP RST through ASA+IPS and ACE

    Hello,
    We recently deployed a new websockets project within our existing web infrastructure. The websockets traffic (like all the rest of the normal web traffic) crosses an ASA + IPS module where I do NAT and is then forwarded to an ACE load balancer where two real servers are configured in the server farm in active/standby mode (not load balancing) due to the nature of websockets. Everything seems to work fine, but sometimes (once every 4 days or so), based upon the server logs, a TCP Reset reaches the application server and brings down the whole application.
    It's clear that this application has a bug, but I would like to avoid that TCP reset as a workaround while the application team fixes the bug, as the go-live is soon. Has anybody faced this issue, and can anyone help me find where that supposed TCP reset comes from? I didn't get IPS alerts.
    Server log:
    "Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.    at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)"
    Thanks,
    Miquel

    Hi Miquel,
    A packet capture on the server shall show the origin of TCP RST. If you are natting the source traffic then take front end pcaps at front end of firewall as well as at backend and similarly for ACE, to see what is the origin of TCP RST. Normally, it should be from client if it is received on the server. LB's just forward the traffic to the server but it depends and it could be loadbalancer resetting the connection. But we don't have any details to be sure. So packet captures would be our best friend here.
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.
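
The capture comparison suggested in the answer above, as an added example that is not part of the thread: given packet summaries from captures taken in front of the ASA, between ASA and ACE, and behind the ACE, it reports which hop a RST first appears after. The capture-point names, the `Pkt` record and the analyst-assigned `flow` label (needed because NAT changes the addresses between points) are assumptions, the sample packets are constructed, and each device is assumed to forward segments rather than re-originate them.

```python
from dataclasses import dataclass

# Devices on the path described in the post, client side first.
HOPS = ["client", "ASA+IPS", "ACE", "server"]
# Hypothetical capture points; POINTS[i] sits between HOPS[i] and HOPS[i + 1].
POINTS = ["asa_front", "asa_back_ace_front", "ace_back"]


@dataclass(frozen=True)
class Pkt:
    point: str       # capture point the packet was recorded at
    ts: float        # capture timestamp, seconds
    flow: str        # analyst-assigned label for one connection across NAT
    direction: str   # "c2s" (towards server) or "s2c" (towards client)
    flags: str       # TCP flags, e.g. "PA", "R", "RA"


def locate_rst_origin(packets, flow, direction, ref_ts, skew=1.0):
    """Return the hop that first emitted the RST, or a diagnostic string.

    ref_ts is the time of the reset as logged on the server; skew is the
    tolerated clock difference between capture points, in seconds.
    """
    if direction not in ("c2s", "s2c"):
        raise ValueError("direction must be 'c2s' or 's2c'")
    seen = sorted({
        POINTS.index(p.point) for p in packets
        if p.flow == flow and p.direction == direction
        and "R" in p.flags and abs(p.ts - ref_ts) <= skew
    })
    if not seen:
        return "no RST captured"
    # A forwarded RST must show up at every point between origin and receiver.
    if seen != list(range(seen[0], seen[-1] + 1)):
        return "inconsistent captures"
    if direction == "c2s":
        return HOPS[seen[0]]        # first point it appears at, client side
    return HOPS[seen[-1] + 1]       # last point it appears at, server side


# Constructed sample captures.
CAPTURES = [
    # ws-1: RST towards the server exists only behind the ASA, and a RST
    # towards the client exists only in front of it.
    Pkt("asa_front", 100.00, "ws-1", "c2s", "PA"),
    Pkt("asa_back_ace_front", 100.00, "ws-1", "c2s", "PA"),
    Pkt("ace_back", 100.01, "ws-1", "c2s", "PA"),
    Pkt("asa_back_ace_front", 160.20, "ws-1", "c2s", "R"),
    Pkt("ace_back", 160.21, "ws-1", "c2s", "R"),
    Pkt("asa_front", 160.20, "ws-1", "s2c", "R"),
    # ws-2: RST visible at every point, so it came from the client side.
    Pkt("asa_front", 300.00, "ws-2", "c2s", "RA"),
    Pkt("asa_back_ace_front", 300.00, "ws-2", "c2s", "RA"),
    Pkt("ace_back", 300.01, "ws-2", "c2s", "RA"),
    # ws-3: RST visible only behind the ACE.
    Pkt("ace_back", 420.50, "ws-3", "c2s", "R"),
    # ws-4: middle capture missed the packet; do not guess an origin.
    Pkt("asa_front", 500.00, "ws-4", "c2s", "R"),
    Pkt("ace_back", 500.02, "ws-4", "c2s", "R"),
]

if __name__ == "__main__":
    for flow, ts in [("ws-1", 160.21), ("ws-2", 300.01),
                     ("ws-3", 420.50), ("ws-4", 500.02)]:
        print(flow, "->", locate_rst_origin(CAPTURES, flow, "c2s", ts))
```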
