cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
688
Views
0
Helpful
2
Replies

CSC-SSM-20 cuasing issues

Josh Sprang
Level 1
Level 1

I recently implemented an ASA 5520 HA pair with CSC-SSM-20s in each non stateful per cisco.  The CSC management sits in a management subnet 192.168.4.0/24 with the management interface of the ASA as its default gateway in the same subnet.  Ever since the implementation frequently webpages will not load correctly, the formating will not look right and pictures will be red x.  If you hit f5 to refresh the pages loads fine.  If I add a deny any any eq 80 rule before the permit any any eq 80  the issue appears to go away.  TAC can't seem to find anything worng.  All we want to do is use a simple web content filter with the check boxes in the global filtering policy.  ASA is running 8.2(5) and CSC is running 6.3.1172.0.  Everything else works fine SVC and rules and such.  Any ideas why pages won't load correctly?

access-list csc-out extended deny tcp host 192.168.3.189 any eq www  <standby asa interface>

access-list csc-out extended deny tcp host 192.168.3.235 any eq www <active asa interface>

access-list csc-out extended deny tcp host 192.168.4.1 any eq www <active asa mgt interface>

access-list csc-out extended deny tcp host 192.168.4.4 any eq www <CSC 1 mgt interface>

access-list csc-out extended deny tcp host 192.168.4.3 any eq www <CSC 2 mgt interface>

access-list csc-out extended permit tcp any any eq www

class-map http

match access-list csc-out

policy-map csc-out

class http

  csc fail-open

service-policy csc-out interface outside

1 Accepted Solution

Accepted Solutions

Maykol Rojas
Cisco Employee
Cisco Employee

Try disabling HTTP scanning.

Mike

Mike

View solution in original post

2 Replies 2

Maykol Rojas
Cisco Employee
Cisco Employee

Try disabling HTTP scanning.

Mike

Mike

Thanks for the quick reply. Http scanning was already disabled

Sent from Cisco Technical Support iPad App

Review Cisco Networking for a $25 gift card