https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054467#M915947 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Sorry for late reply!</P><P>Now I removed that device from network. Today night I will do the configuration and let you know.</P><P></P><P>Regards,</P><P>som</P></BODY></HTML> Mon, 28 Jul 2008 03:56:55 GMT somnath21 2008-07-28T03:56:55Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054462#M915938 <P>Hi,</P><P>We have ASA 5520 in our network. Blue Coat (SG 510) is connected behind the ASA for web filtering. Blue Coat is configured as transparent device.</P><P>Blue Coat IP is 10.138.74.5.</P><P>Now the problem is from last one moth I am getting high BW utilization issue. Whenever I have connected the Blue Coat the BW utilization increased very high.</P><P>We have 4 MB internet link and sometimes it choke the entire BW. If I removed the Blue Coat everything normalized and working fine.</P><P></P><P>To resolve this issue I checked with Blue Coat vendor and after long experiment they told that problem with ASA configuration.</P><P>In Blue Coat logs we are getting lots public ip which should show internal ip only.</P><P></P><P>I have checked my ASA access-list configuration and didn't get anything wrong.In my ASA I have access-list configured for inbound access in Outside interface only.</P><P></P><P>I have attached my ASA configuration and Blue Coat logs.</P><P></P><P>Any kind of help would be appreciatedâ&#128;¦.</P><P></P><P>Regards,</P><P>som</P><P></P><P></P> Mon, 11 Mar 2019 13:20:34 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054462#M915938 somnath21 2019-03-11T13:20:34Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054463#M915940 <HTML><HEAD></HEAD><BODY><P>Hi Somenath,</P><P>I filtered the requests from the Public Ip's in the Blucoat logs you have provided.</P><P>All these requests were of the following types :</P><P></P><P>TCP_MISS = The requested object was not in the cache.</P><P>TCP_NC_MISS = Object returned from the origin server was non-cacheable.</P><P>TCP_PARTIAL_MISS = Object is in cache, but retrieval from the origin server is in progress.</P><P>TCP_ERR_MISS = An error occurred while retrieving the object from the origin server.</P><P>TCP_TUNNELED = The CONNECT method was used to tunnel this request (generally proxied HTTPS).</P><P></P><P>It is possible that the Bluecoat device is misconfigured which is allowing connections like an open proxy.</P><P></P><P>If you are allowing incoming connections from the internet to the Bluecoat Public IP then you need to block it.</P><P></P><P>Please share your ASA config, which will help to analyse better.</P><P></P><P></P><P></P><P> </P><P></P></BODY></HTML> Sat, 26 Jul 2008 08:19:04 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054463#M915940 dhananjoy chowdhury 2008-07-26T08:19:04Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054464#M915942 <HTML><HEAD></HEAD><BODY><P>Plz find my ASA config..</P><P></P><P>plz help to resolve this issue.</P><P></P><P>Thanks,</P><P>som</P><P></P><P></P><P></P><P> </P><P></P></BODY></HTML> Sat, 26 Jul 2008 09:26:43 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054464#M915942 somnath21 2008-07-26T09:26:43Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054465#M915944 <HTML><HEAD></HEAD><BODY><P>Sorry , I missed your statement above " Bluecoat device is in transparent mode" so the possibility of the bluecoat device as open proxy is ruled out.</P><P></P><P>Now I am still thinking of how the request from a Public IP is reaching your bluecoat device.</P></BODY></HTML> Sat, 26 Jul 2008 10:36:04 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054465#M915944 dhananjoy chowdhury 2008-07-26T10:36:04Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054466#M915945 <HTML><HEAD></HEAD><BODY><P>Hi, Can you try configuring the Web Access Layer rules as per below:</P><P></P><P>1 Allow only your inside IP subnets to Any Destination</P><P>2 Deny any(source) any(Destination)</P><P></P><P></P></BODY></HTML> Sun, 27 Jul 2008 07:41:19 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054466#M915945 dhananjoy chowdhury 2008-07-27T07:41:19Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054467#M915947 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Sorry for late reply!</P><P>Now I removed that device from network. Today night I will do the configuration and let you know.</P><P></P><P>Regards,</P><P>som</P></BODY></HTML> Mon, 28 Jul 2008 03:56:55 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054467#M915947 somnath21 2008-07-28T03:56:55Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054468#M915948 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes, I had done that one.</P><P>I had removed the entire policy configuartion and given permission any any.It was working fine.After that I have configured the visual policy freshly and it is working fine.</P><P></P><P>thanx a lot to u!!</P></BODY></HTML> Tue, 05 Aug 2008 10:51:44 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054468#M915948 somnath21 2008-08-05T10:51:44Z https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054469#M915950 <HTML><HEAD></HEAD><BODY><P>cool... Glad to know that its working <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Tue, 05 Aug 2008 10:53:00 GMT https://community.cisco.com/t5/network-security/problem-with-asa-and-blue-coat/m-p/1054469#M915950 dhananjoy chowdhury 2008-08-05T10:53:00Z