Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
0
Helpful
1
Replies

CSC-SSM-10 : Not scanning dual internet traffic

skmdimran
Level 1
Level 1

‎10-03-2011 02:21 AM - edited ‎03-09-2019 11:41 PM

Dear Concern,

I am faceing a problem with CSC-SSM-10 installation.

Please find attachment for the problem details.

Scenario description:

  • •1.     There are two Proxy server in the DMZ zone. Proxy server 1 is using ISP 2 and proxy server 2 is using ISP 1 internet connections.
  • •2.     All internet users are placed in the inside of the firewall and half of the users are using proxy1 and remain half are using proxy2.
  • •3.     CSC-SSM-10 is installed into the ASA 5520 with base and plus license.
  • •4.     Internet users traffic , who are using proxy 2 , are scanning , filtering etc properly.

Problem:

When internet users use proxy 1 for internet , traffic are not scanning , filtering etc.

Please help me or suggest me how I can scan both internet traffic.

Regards

Imran

Labels:
Preview file
29 KB
0 Helpful
1 Reply 1

mirober2
Cisco Employee
Cisco Employee

‎10-09-2011 05:02 AM

Hi Imran,

The CSC module can only scan traffic it passes through the ASA. In your diagram, you show Proxy #1 as having a default gateway of the router connecting to ISP #2 (192.168.102.3). The ASA will never see this traffic and thus will not pass it to the CSC module for filtering.

To get this to work, you need to set Proxy #1's default gateway to be the ASA (192.168.102.1).

-Mike

0 Helpful
Customers Also Viewed These Support Documents