Hi all,
Has anyone else had any problems with the SA 540 and web proxy servers?
The architecture I am trying to implement is like this:
I'm a newbie to the SA 540. We are an office of about 40 and are served by a satellite link. Due to the poor bandwidth, we really need
I'm trying to implement like so:
------------
Web Browsers
------------
     |
     |
------------
 Web Proxy
------------
     |
     |
------------      ----------
SA540 (NAT)  -->  Internet
------------      ----------
This works fine for HTTP, but not HTTPS.
Points to note:
- If I swap out the SA540 for a generic DLINK ADSL router HTTPS works fine.
- If I bypass the cache for HTTPS traffic HTTPS connections work fine. For architectural reasons this is not an acceptable long term approach.
- Confirmed using both IE 8 and Safari.
- Wireshark shows a limited amount of traffic on port 443 going to and from the client.
- Error message in the proxy log file reads "for host 192.168.72.92 trying to CONNECT connect://static.my.commbank.com.au:443, service-common reports: timed out waiting for data from client".
How to reproduce:
- Set up network as above.
- For the proxy server, use your choice of either:
  - FreeBSD 8.2 + Squid 2.7, or
  - Solaris 11 + Sun Java System Web Proxy Server, or
  - Solaris 11 + Squid 2.7
- Ensure all installs are out of the box defaults.
- On the Cisco SA 540, ensure that there are no firewall rules blocking traffic. It makes no difference if web threat protection with Protectlink is off or on.
- Attempt to access https://encrypted.google.com/ from one of the web clients.
Model is SA540-K9; firmware is 2.1.18.