can't get wsa360 to pass traffic in L4 mode......

ALEX CULVER · ‎10-02-2011

link lights will come on can't get it to pass traffic.

is there a speed and duplex setting on those ports? can't find it in the web interface, perhaps it's in the cli?

t1 is connected to my l3 internal switch

t2 is connected to my asa firewall

i'm assuming that it will fit in the middle like this when in L4 mode...

anybody have any ideas?

Ken Stieers · ‎10-02-2011

Alex,

Are you trying to use the WSA as an "inline" device? It is not designed to do that...

It sits to the side of the flow and you direct traffic to it one of 2 ways: WCCP off of your ASA, or via proxy settings on the client, whether you do it manually, PAC file, group policy...

M1 should be connected, that's your managment interface.

P1 should be connected, and you run WCCP on the ASA to get traffice to it so that that traffic gets proxied.

T1 can be connected, and you echo the port that the ASA is connected to the port that T1 is connected to to get the L4 traffic monitoring (its the destination for an ethernet tap, the WSA doesn't do the ethernet tap itself)

Take a look at the quickstart guide (you should have one on paper in the box).

http://www.cisco.com/en/US/docs/security/wsa/hw/S660_and_S360_QSG.pdf

And take a look at this to get all the rest set up, including WCCP on the ASA.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/H1CY11/SBA_Mid_BN_WebSecurityDeploymentGuide-H1CY11.pdf

Speaking of ASA, what version is you ASA? There was a fix in 8.2.1 or 8.2.2 that made WCCP far more stable...