Cisco S000V 10.1.3-054 refused connections - Explicit Proxy

mazam
Level 1

I've deployed an S000V Web Security Virtual Appliance with a demo license and all default configurations using the quick start guide.

It only has the M1 interface 10.0.0.2.

I configured my PC LAN proxy settings for 10.0.0.2:3128 and again for port 80.

When I configure the PC LAN proxy then my access to the internet breaks.  Chrome says ERR_PROXY_CONNECTION_FAILED, Firefox says the proxy refused the connection.

The log files aclog, proxyerrlog and system files are attached for reference.

Where can I start to make this work as an explicit web proxy?

thank you,

7 Replies

balaji.bandi
Hall of Fame

M1 is only for management. If you like to set up a proxy, you need to have internet routes sending out to the internet. Not sure how this WSA is connected to the internet.

Check the document below:

http://www.network-node.com/blog/2016/8/16/wsa-setup

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mazam
Level 1

Hi Balaji,

Thanks for your response. M1 is set to default gateway, and I have done verification by sending some ICMP packets sourced from M1.

So in short, I do have internet reachability using the M1 interface.

I have followed all the steps mentioned in the KB; unfortunately it didn't work out for me.

If you followed the steps and the interface has internet reachability, then make sure you have bound the ports to the right interface. Use the thread below as an example:

https://community.cisco.com/t5/web-security/brand-new-wsa-demo-refusing-to-proxy-web-traffic/td-p/2733152

BB

Yes, M1 is listening on 3128 and 80.

Since I have verified using netstat and nmap, both ports are open and in LISTEN state.

I have provided what is best to set up; most of the replies come back that you have done it all but it is still not working.

Since we do not know what settings were done there, please post all the screenshots and the ACP rules you set up, the one which shows allows.

Also check the logs at command level:

SSH to the WSA

> grep

> 1

> Enter

> Enter

> Y (tail the logs)

> Enter

Browse the site; it will give you logs of why it was failing.

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117830-qanda-wsa-00.html

BB

Hi Balaji,

Thanks for sharing the KBs, that is really helpful.

Attached are the relevant screenshots for the solution. I have checked using the WSA CLI that I have internet reachability, and DNS resolution is working as expected.
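
A client-side check for the symptom discussed in this thread, as an added example that is not part of any poster's reply and not Cisco code: it separates a refused TCP connection from a proxy that accepts the connection and then closes it, stays silent, or answers with an HTTP status. The address 10.0.0.2 and ports 3128 and 80 come from the original post; the function name `probe_proxy` and the test URL are assumptions.

```python
import socket


def probe_proxy(host, port, url="http://example.com/", timeout=5.0):
    """Send one absolute-URI GET to an explicit proxy and classify the result.

    probe_proxy and the default URL are illustrative names, not part of any
    Cisco tool. Returns (state, detail).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)           # no listener, or a reject rule on the path
    except socket.timeout:
        return ("timeout", None)           # packets dropped before the listener
    except OSError as exc:
        return ("unreachable", str(exc))   # routing or name-resolution failure
    origin = url.split("/")[2]             # host part of http://host/path
    request = (f"GET {url} HTTP/1.1\r\nHost: {origin}\r\n"
               "Proxy-Connection: close\r\nConnection: close\r\n\r\n")
    data = b""
    with sock:
        try:
            sock.sendall(request.encode("ascii"))
            while b"\r\n" not in data:     # only the status line is needed
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            return ("accepted-no-reply", None)   # handshake fine, proxy silent
        except OSError:
            return ("closed", None)              # reset after the handshake
    if not data:
        return ("closed", None)                  # accepted, then closed with no reply
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    if not status_line.startswith("HTTP/"):
        return ("not-http", status_line)         # something other than a proxy answered
    return ("answered", status_line)             # proxy reached; read the status code


if __name__ == "__main__":
    # Address and ports are the ones given in the original post.
    for port in (3128, 80):
        print(port, probe_proxy("10.0.0.2", port))
```

`answered` means the proxy was reached and the remaining problem is policy or upstream connectivity; `refused`, `timeout` or `closed` means the request never got a proxy response, so the listener binding and the path between the PC and the appliance are the places to look.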