03-24-2007 02:33 PM
Hi,
Is there any way to make the ACNS to allow msn messenger to connect through it.
For a reason a blocked the default port for MSN (1863) to force it to use the port 80 so the traffic is directed to ACNS over WCCP as it is WEB traffic. It's directed but the MSN does not connect.
If i block the port 1863 and stop sending http traffic to wccp the MSN uses port 80 and connects fine.
Thanks
Solved! Go to Solution.
03-26-2007 02:37 PM
Hi,
Is good to know that you were able to find the workaround. Actually I was on the lab testing this due that I noticed that you had 2671 bypassed requests. Definitely bypassing authenticated traffic is going to resolve the issue, but I also wanted to recommend you to try another solution.
Add these commands to the CE:
- http cache-authenticated all
- http cache-cookies
and remove the bypass auth-traffic command.
This would allow the CE to cache as much as possible of the transaction. I tested and it works just fine and the CE is seeing cache hits.
As a side note, I noticed that the messenger goes on port 80 so you don't have to worry about the port 1863.
Thanks & Regards,
Jose.
03-25-2007 05:36 PM
Hi,
Can you attach a sh tech from the CE? I'll run some tests in the lab, but having a sh tech from the CE would help a lot to understand your setup. Thanks!
Regards,
Jose Quesada.
03-26-2007 04:32 AM
Sure, here is the show tech.
by the way, I have an ASA diverting traffic over WCCP to the ACNS.
03-26-2007 10:45 AM
Hi,
I noticed in the sh tech that the WCCP services seem to have synchronization problems with the ASA. The only services that seem to be running properly are the web-cache and the service 90 which you configured for the port 1863. I'll assume WCCP is working properly, as the CE is logging requests being received. Make sure the ASA is redirecting traffic with these commands: 'sh wccp' 'sh wccp web-cache detail' 'sh wccp 90 detail'. Please attach the outputs.
I'll look into this issue and get back to you. Thanks!
Regards,
Jose.
03-26-2007 11:01 AM
Acctually i delete the other services from ASA, but i don't think that it's the problem because I have the web-cache working fine. and when I block port 1863 on ASA avoiding the msn to connect directly the msn try to use the port 80 to connect, ans is treated as web traffic and diverted to the ACNS. I have a Websense on ACNS and it logs the try of access. (But doesnt access even if i disable the websense)
03-26-2007 12:28 PM
03-26-2007 01:19 PM
Hi, Jose Thanks for your help I just found out what was wrong.
For the MSN to connect I had to configure the ACNS to bypass authentication traffic.
I have done that in the path:
Caching -> Bypass -> Authentication Bypass = on
Thanks again
03-26-2007 02:37 PM
Hi,
Is good to know that you were able to find the workaround. Actually I was on the lab testing this due that I noticed that you had 2671 bypassed requests. Definitely bypassing authenticated traffic is going to resolve the issue, but I also wanted to recommend you to try another solution.
Add these commands to the CE:
- http cache-authenticated all
- http cache-cookies
and remove the bypass auth-traffic command.
This would allow the CE to cache as much as possible of the transaction. I tested and it works just fine and the CE is seeing cache hits.
As a side note, I noticed that the messenger goes on port 80 so you don't have to worry about the port 1863.
Thanks & Regards,
Jose.
04-10-2007 09:29 AM
Hi, I tried that and it worked with this commands the msn is able to connect also.
Now I'm having another problem, when I need access to some website that redirects HTTP to HTTPS it seems that the content engine does not foward the traffic to the local host.
I see that the CE initiates a connection to HTTP port in the site, then the site responds the connection redirecting it to HTTPS and not is being blocked on the firewall, but the host does not access the website. If i access straight with an "https://" in the host's browser it works fine. Some idea?
Tnaks
04-10-2007 08:50 PM
Hi,
Do you receive any error message on the browser? I would check if Websense allows all HTTPS sites, or at least the one you are trying to access. what happens if you disable Websense for a quick test?...or if you add the HTTPS web site to the allowed sites list? Thanks!
Regards,
Jose.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide