cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
1408
Views
0
Helpful
2
Replies
ivanbarkic
Beginner

IP SLA to check internet connectivity via ISA proxy server

Hi,


I'm trying to implement IP SLA on router which should check internet connectivity via ISA server, which is proxy. I tried this two configurations:

!
ip sla 10
 http raw http://www.cisco.com source-ip 192.168.5.1 version 1.1 proxy http://192.168.255.2:8080
 http-raw-request
  GET /HTTP/1.0\r\n
  \r\n
  end
  exit
ip sla schedule 10 life forever start-time now
!


ip sla 10
 http raw http://www.cisco.com source-ip 192.168.5.1 proxy http://192.168.255.2:8080
 http-raw-request
  GET /en/US/hmpgs/index.htmlHTTP/1.0\r\n
  \r\n
  end
  exit
ip sla schedule 10 life forever start-time now

 

Both SLAs are succesful, but with Wireshark I can see that HTTP get request reaches ISA server, but no return traffic from the cisco.com is recieved on the WAN interface of the ISA server. Wireshark says for incoming GET packet "400 Bad Request. The data is invalid."

It looks like the ISA drops the connection. It seems ISA sees received HTTP GET coming not from the browser so it is not "real" http traffic.

How can I achive that HTTP GET request pass through the ISA and reach cisco.com web server. It doesn't have to be cisco.com. It can be any web site which is UP and running 24/7.

Thanks.

2 REPLIES 2
Vasilii Mikhailovskii
Rising star

Hello.

I'm not sure if the GET request is correct.

Per http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_http.html#GUID-61F9093A-B6BF-43E2-B6EB-9B0B7D72AFBE

you need:

http raw url http://192.168.255.2:8080
 http-raw-request
 GET http://www.cico.com HTTP/1.0\r\n
 \r\n
 end

Hi,

I've just done the version that works. The problem was also the fact that only authenticated users could pass ISA to reach certain web site. After adding access rule which allows unauthenticated users just for this SLA purpose I get working scenario just using this:

ip sla 10
 http get http://www.cisco.com source-ip 192.168.5.1 name-server 192.168.255.2 proxy http://192.168.255.2:8080
 timeout 2000
ip sla schedule 10 life forever start-time now

 

What seems to be a difference between this approach and using raw GET?

 

Regards