Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
0
Helpful
1
Replies

ASA CX HTTPS DECRYPTION NOT WORKING

ZINSOU ADAM JOCELYN ADISSO
Level 1
Level 1

‎05-08-2015 11:30 AM

Hi,

I'm facing somme problems with the decryption configuration.

I have applied a Windows 2012 R2 CA certificate to cx and activate decrytion.

I 've configured decryption policy and access policy to block traffic like facebook or youtube.

Everything is ok with http but https is not working as expected.

In event I can see that the deny policy is met but the trafic didnt get blocked.

How can I correct the problem?

Thanks!

Labels:
Preview file
52 KB
0 Helpful
1 Reply 1

oguevara08
Level 1
Level 1

‎05-14-2015 01:35 PM

I see you have the K9 license already installed but what does your "DECRYPT_ALL" policy look like? Do you have the policy set to "Decrypt Everything"? Also what is the actual error, expand that entry to see what actually went wrong.

 

On a separate note, I had to get creative on my decryption policies. Decrypting all traffic takes a heavy toll on the CX unless you are doing VMware PRSM. TAC advice to set my decryption like my access policies. Only decrypt the traffic you actually want to deny.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents