topic ASA Redirecting CWS Traffic To Inside Interface in Cloud Security https://community.cisco.com/t5/cloud-security/asa-redirecting-cws-traffic-to-inside-interface/m-p/3333855#M538 <P>We are seeing a very strange issue with CWS on our ASA recently.&nbsp; Users report that all HTTPS traffic is failing.&nbsp; We disable the service rule sending that traffic to CWS and functionality is restored.&nbsp; A set of test users on a separate service rule continue to work.&nbsp; HTTP traffic on it's own rule continues to work.&nbsp; At some point later the service rule is re-enabled and traffic goes to CWS as expected and works.</P> <P>&nbsp;</P> <P>This morning I noticed something strange on the syslogs from the ASA.&nbsp; During the problem time I see syslog entries saying that traffic from the outside on a given connection is being redirected to the CWS tower on the inside interface.&nbsp; In one minute of the problem time I saw 13,350 of these messages.&nbsp; The connection number mention in the message is a connection that was started on the inside and I can see the syslog event stating that it was redirected to the CWS tower on the outside.</P> <P>&nbsp;</P> <P>So it seems to me that the return traffic should not be redirected at all, let alone pointed at the inside interface.</P> <P>&nbsp;</P> <P>We recently upgraded the ASA to 9.8(2).20 but it was more than a week before we started seeing this problem.&nbsp; Now that I know what to look for I can see that we get a handful of these events every day but very sporadically.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Has anyone seen anything like this?&nbsp;</P> <P>&nbsp;</P> <P>Thanks.</P> Sat, 09 Mar 2019 01:42:02 GMT dethomas 2019-03-09T01:42:02Z ASA Redirecting CWS Traffic To Inside Interface https://community.cisco.com/t5/cloud-security/asa-redirecting-cws-traffic-to-inside-interface/m-p/3333855#M538 <P>We are seeing a very strange issue with CWS on our ASA recently.&nbsp; Users report that all HTTPS traffic is failing.&nbsp; We disable the service rule sending that traffic to CWS and functionality is restored.&nbsp; A set of test users on a separate service rule continue to work.&nbsp; HTTP traffic on it's own rule continues to work.&nbsp; At some point later the service rule is re-enabled and traffic goes to CWS as expected and works.</P> <P>&nbsp;</P> <P>This morning I noticed something strange on the syslogs from the ASA.&nbsp; During the problem time I see syslog entries saying that traffic from the outside on a given connection is being redirected to the CWS tower on the inside interface.&nbsp; In one minute of the problem time I saw 13,350 of these messages.&nbsp; The connection number mention in the message is a connection that was started on the inside and I can see the syslog event stating that it was redirected to the CWS tower on the outside.</P> <P>&nbsp;</P> <P>So it seems to me that the return traffic should not be redirected at all, let alone pointed at the inside interface.</P> <P>&nbsp;</P> <P>We recently upgraded the ASA to 9.8(2).20 but it was more than a week before we started seeing this problem.&nbsp; Now that I know what to look for I can see that we get a handful of these events every day but very sporadically.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Has anyone seen anything like this?&nbsp;</P> <P>&nbsp;</P> <P>Thanks.</P> Sat, 09 Mar 2019 01:42:02 GMT https://community.cisco.com/t5/cloud-security/asa-redirecting-cws-traffic-to-inside-interface/m-p/3333855#M538 dethomas 2019-03-09T01:42:02Z