cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
160
Views
0
Helpful
3
Replies
Beginner

IOS Connector Configuration at ISR-G2 - CWS

Hello,

After applying the following configuration at the Cisco ISR-G2 router, the interfaces are still not coming up.

And it seems that the ISR has no connectivity to the tower.

 

Inside----Fa 0/0 ISR Fa 0/1--------- CWS Cloud

 

! Define the parameter map, specifying port 8080 for http and https and define the servers and the license:

 

parameter-map type content-scan global

server scansafe primary name proxy-a.scansafe.net port http 8080 https 8080

server scansafe secondary name proxy-b.scansafe.net port http 8080 https 8080

license 0 ****************

server scansafe on-failure block-all

source interface fa0/1

 

interface Fastethernet 0/1

content-scan outbound

 

 

 

Thanks,

 

Netmart

Everyone's tags (1)
3 REPLIES 3
VIP Advisor

Re: IOS Connector Configuration at ISR-G2 - CWS

"interfaces are still not coming up." can you elaborate more of this issue ?

 

 

good reference document for the configuration :

 

https://community.cisco.com/t5/security-documents/cisco-cloud-web-security-cws-on-isr-g2-faq/ta-p/3143157

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: IOS Connector Configuration at ISR-G2 - CWS

Hello Balaji,

Thank you for your prompt reply and the attached link.

In this Cisco Exam scenario, I do have two interfaces configured at the ISR router:

Fa 0/0 for inside and one Fa0/1 for the outside.

And both interfaces do not come up: Protocol and Status down; although both interfaces are connected and not administratively shut down. Consequently, the output of 'show content-scan summary' did show interfaces down:

 

#show content-scan summary

Primary: 72.37.244.115 (Down)*

Secondary: 80.254.152.99 (Down)

 

May be someone else did have a similar experience.

 

Regards,

 

Netmart

 

Cisco Employee

Re: IOS Connector Configuration at ISR-G2 - CWS

Hi There,

 

Thank you for providing output. Based on it I can see that both towers were retired and migrated to NGT towers.

You can perform a simple test to confirm that:

 

telnet 72.37.244.115 8080

telnet 80.254.152.99 8080

 

Both of them timeout since there is no CWS proxy listening on these IPs anymore.

 

I advise you to contact TAC regarding NGT tower assignment for your account