Hello everyone. I have a problem that has to be solved immediately. I took photo from cisco webpage that is identical to my design on particular interface. just the ip addresses are different but i will ask using ip addresses in the photo. So requirement is this way: 192.168.1.10 <---> 192.168.2.10 ICMP 192.168.1.10 <---> 192.168.2.10 80 192.168.1.10 <---> 192.168.2.10 443 But as you already understood initial traffic goes from router into server directly and answer comes through ASA and it creates problem. I permitted all possible reply traffic for all 3 protocol. And bypassed each of them through service policy. HTTP and HTTPS worked properly but 192.168.1.10 cannot ping 192.168.2.10. I tried different access-lists but no result. Finally i even permitted traffic from 192.168.2.10 into 192.168.1.10 with IP services and bypassed all IP services but ping still not working. In my case 192.168.2.10 is 10.124.49.5 and 192.168.1.10 is 10.124.41.104. As you see from ss that even acl hits are recorded. But ping is not working. What can be a problem?   ... View more

Hello, everyone. I am in my first month at new job and trying to fix some problems. One of them is that we have 2 WSAs those working in Forward mode. Browsers get WPAD.dat file from Citrix load balancer so that part of workers access internet through first WSA and another part from the second. The problem is that the previous worker uploaded https proxy certificate to secon WSA not correctly. The common name is wrong and this cause some users to get error when accessing the internet. I Security Services -> HTTPS Proxy -> Edit Settings -> and  generated new CSR with correct name. Then I signed it with our internal CA server and uploaded into WSA. The ironport accepted it. I submitted and committed changes. The problem is the users still get the old certificate and error. How I can apply my changes?   Thanks in advance.     ... View more