Re: MC reachable state speed up

teperjesi · ‎11-20-2008

Hi,

One of my cutomer is using CSA with VPN remote access. There is a rule module, witch deny all of the communication (except VPN ) utill the MC became reachable. Everything is working fine. The only problem is, that the Agent see the MC only 4-5 minutes after the VPN comes up. How can I speed up this connection chek process on the agent?

Do you have any suggestion?

Tamas

smahbub · ‎11-27-2008

Rule modules consist of one or more rules. One or more rule modules are meant to be attached to a policy. This module of rules is generally configured for a particular "modular" purpose. It is in this manner that several rules can be moved together from one policy to another or exist as part of several policies.Rule module are generally OS specific while policies are not. This way, you can scale a great many rule modules to a lesser number of policies to simplify your basic product configuration view.I think that the Agent see the MC only 4-5 minutes after the VPN comes up and it is the normal time taken.

secaronag · ‎12-04-2008

Hi Tamas,

what polling interval is set to the clients which are using the VPN Policy?

... maybe 4..5 minutes?

One of our customer has the same issue. So whenever I come back to the internal network (and thus the CSA MC is reachable) the System State "MC reachable" doesn't change until the polling interval forces an update.

Which CSA MC version do you use? (6.0.209??)

Which Client Operating system do you use?

I have already opened a TAC case, but unfortunately there is no answer from the Cisco until yet :-(

best regards,

Thomas

jan.nielsen · ‎12-06-2008

I would suggest you use the DNS suffix check instead, or as an extra system state for your policy, the problem with using only MC Reachable, is that if your CSAMC server goes down, then you will never get any traffic out of your pc's even if the vpn is established, because it still won't see the MC.