02-28-2011 10:02 AM - edited 03-11-2019 12:58 PM
We upgraded to ASA IOS 8.2.4 from 8.0.2. When the commands "filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow" and "filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow" are added the we lose internet access. We're using WebSense and command "url-server (inside) vendor websense host 192.168.1.180 timeout 30 protocol TCP version 4 connections 5"
Thank you.
02-28-2011 10:20 AM
Is websense properly configured? What the asa sees? Do a show url-server statistics. If it is up then the allow will not permit traffic.
Sent from Cisco Technical Support iPhone App
02-28-2011 10:35 AM
"sh url-ser sta"
Server Statistics:
--------------------
192.168.1.180 UP
Vendor websense
I've tried shutting down the server and we're still not allowed online. Only after we remove the filter command are we allowed online.
02-28-2011 10:57 AM
once you shut down the server how long you waited? ASA has to be aware that the server is down.
02-28-2011 11:09 AM
"sh url-ser sta"
Server Statistics:
--------------------
192.168.1.180 DOWN
Vendor websense
Waited for up to 10 after it showed it down. Thinking it may be a bug in the IOS.
02-28-2011 11:21 AM
you are testing with HTTPS traffic right?
02-28-2011 11:25 AM
Both. This wasn't a problem for us on 8.0. Thinking I'm going to upgrade to 8.4 in hopes of it working.
02-28-2011 11:30 AM
Be aware that 8.4 has differences in NAT. Check the release notes before.
05-03-2011 01:31 PM
Turns out we had a bad ASA. Cisco replaced it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide