cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2502
Views
0
Helpful
5
Replies

PAC file and ASA

mahesh18
Level 6
Level 6

Hi eveyone,

I have PC  which has proxy configured and i can access all the websites with it.

Traffic goes via firewall and websense.

Another PC with no proxy configured i can not access some websites.

FW logs shows when the connection is not made

Apr 22 2013 15:03:28: %ASA-4-507003: tcp flow from  to outside:terminated by inspection engine, reason - inspector reset unconditionally.

Apr 22 2013 15:03:28: %ASA-6-302014: Teardown TCP connection 4984216 for outside:/443 to :/59557 duration 0:00:00 bytes 123 Flow closed by inspection
Apr 22 2013 15:03:28: %ASA-4-507003: tcp flow from /59557 to outside:/443 terminated by inspection engine, reason - inspector reset unconditionally.
Apr 22 2013 15:03:28: %ASA-5-304002: Access denied URL https://x.x.x.x/ SRC  DEST  on interface .

So need to know if connection is not made to those websites then traffic goes via firewall only?

it does not touch the websense?

When proxy is config on browser how hoes firewall handle the request then?

If someone can explain me traffic flow from PC to Websense please?

Thanks

MAhesh

2 Accepted Solutions

Accepted Solutions

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Mahesh,

So basically with the Proxy you can access any outside server but without  the proxy you cannot right?

Can you share the show run policy-map

Regards,

Julio,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Hello,

No , I dont,

I said that I am definelty not a websense expert but I will check the reports/logs on the websense appliance and then filter based on your client ip address having issues

regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

5 Replies 5

Julio Carvajal
VIP Alumni
VIP Alumni

Hello Mahesh,

So basically with the Proxy you can access any outside server but without  the proxy you cannot right?

Can you share the show run policy-map

Regards,

Julio,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

By mistake i deleted all the replies

Do you still have window open for this post?

Any idea if i can get all the replies back from this post?

Thanks

MAhesh

Hello,

No , I dont,

I said that I am definelty not a websense expert but I will check the reports/logs on the websense appliance and then filter based on your client ip address having issues

regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thnaks Julio.

Your answers gave me something to look for in right direction.

Best regards

Mahesh

Hello,

My pleasure mahesh,

Have a great day

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Review Cisco Networking for a $25 gift card