05-04-2012 07:28 PM - edited 03-11-2019 04:02 PM
I recently implemented an ASA 5520 HA pair with CSC-SSM-20s in each non stateful per cisco. The CSC management sits in a management subnet 192.168.4.0/24 with the management interface of the ASA as its default gateway in the same subnet. Ever since the implementation frequently webpages will not load correctly, the formating will not look right and pictures will be red x. If you hit f5 to refresh the pages loads fine. If I add a deny any any eq 80 rule before the permit any any eq 80 the issue appears to go away. TAC can't seem to find anything worng. All we want to do is use a simple web content filter with the check boxes in the global filtering policy. ASA is running 8.2(5) and CSC is running 6.3.1172.0. Everything else works fine SVC and rules and such. Any ideas why pages won't load correctly?
access-list csc-out extended deny tcp host 192.168.3.189 any eq www <standby asa interface>
access-list csc-out extended deny tcp host 192.168.3.235 any eq www <active asa interface>
access-list csc-out extended deny tcp host 192.168.4.1 any eq www <active asa mgt interface>
access-list csc-out extended deny tcp host 192.168.4.4 any eq www <CSC 1 mgt interface>
access-list csc-out extended deny tcp host 192.168.4.3 any eq www <CSC 2 mgt interface>
access-list csc-out extended permit tcp any any eq www
class-map http
match access-list csc-out
policy-map csc-out
class http
csc fail-open
service-policy csc-out interface outside
Solved! Go to Solution.
05-04-2012 07:49 PM
05-04-2012 07:49 PM
Try disabling HTTP scanning.
Mike
05-04-2012 08:35 PM
Thanks for the quick reply. Http scanning was already disabled
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide