cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
627
Views
0
Helpful
1
Replies

ASA CX HTTPS DECRYPTION NOT WORKING

Hi,

I'm facing somme problems with the decryption configuration.

I have applied a Windows 2012 R2 CA certificate to cx and activate decrytion.

I 've configured decryption policy and access policy to block traffic like facebook or youtube.

Everything is ok with http but https is not working as expected.

In event I can see that the deny policy is met but the trafic didnt get blocked.

How can I correct the problem?

Thanks!

1 Reply 1

oguevara08
Level 1
Level 1

I see you have the K9 license already installed but what does your "DECRYPT_ALL" policy look like? Do you have the policy set to "Decrypt Everything"? Also what is the actual error, expand that entry to see what actually went wrong.

 

On a separate note, I had to get creative on my decryption policies. Decrypting all traffic takes a heavy toll on the CX unless you are doing VMware PRSM. TAC advice to set my decryption like my access policies. Only decrypt the traffic you actually want to deny.