Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
828
Views
0
Helpful
3
Replies

IOS Connector Configuration at ISR-G2 - CWS

Netmart
Beginner
Beginner

‎09-01-2019 02:42 PM

Hello,

After applying the following configuration at the Cisco ISR-G2 router, the interfaces are still not coming up.

And it seems that the ISR has no connectivity to the tower.

 

Inside----Fa 0/0 ISR Fa 0/1--------- CWS Cloud

 

! Define the parameter map, specifying port 8080 for http and https and define the servers and the license:

 

parameter-map type content-scan global

server scansafe primary name proxy-a.scansafe.net port http 8080 https 8080

server scansafe secondary name proxy-b.scansafe.net port http 8080 https 8080

license 0 ****************

server scansafe on-failure block-all

source interface fa0/1

 

interface Fastethernet 0/1

content-scan outbound

 

 

 

Thanks,

 

Netmart

Labels:
0 Helpful
3 Replies 3

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

‎09-01-2019 04:08 PM - edited ‎09-01-2019 04:09 PM

"interfaces are still not coming up." can you elaborate more of this issue ?

 

 

good reference document for the configuration :

 

https://community.cisco.com/t5/security-documents/cisco-cloud-web-security-cws-on-isr-g2-faq/ta-p/3143157

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Netmart
Beginner
Beginner
In response to balaji.bandi

‎09-01-2019 04:39 PM

Hello Balaji,

Thank you for your prompt reply and the attached link.

In this Cisco Exam scenario, I do have two interfaces configured at the ISR router:

Fa 0/0 for inside and one Fa0/1 for the outside.

And both interfaces do not come up: Protocol and Status down; although both interfaces are connected and not administratively shut down. Consequently, the output of 'show content-scan summary' did show interfaces down:

 

#show content-scan summary

Primary: 72.37.244.115 (Down)*

Secondary: 80.254.152.99 (Down)

 

May be someone else did have a similar experience.

 

Regards,

 

Netmart

 

0 Helpful

opryluts
Cisco Employee
Cisco Employee
In response to Netmart

‎09-12-2019 11:21 PM

Hi There,

 

Thank you for providing output. Based on it I can see that both towers were retired and migrated to NGT towers.

You can perform a simple test to confirm that:

 

telnet 72.37.244.115 8080

telnet 80.254.152.99 8080

 

Both of them timeout since there is no CWS proxy listening on these IPs anymore.

 

I advise you to contact TAC regarding NGT tower assignment for your account

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents