Cisco SMA to WSA connection not establishing

mohamed fayz
Level 1

Hi, I was trying to add my Cisco IronPort WSA to the SMA (both are in the same subnet). I enabled monitoring services like Centralized Reporting and Centralized Configuration Manager in the SMA. I then added the WSA IP and hostname in the SMA and tried to establish the connection, but after several minutes it shows a timeout error.

Can you please let me know what the reason could be? Do I need to enable anything on the Cisco WSA?

Regards,

Mohamed Fayz


5 Replies

Erik Kaiser
Cisco Employee

Hi Mohamed,

Log into the GUI -> Management Appliance -> Centralized Services -> Security Appliances -> Add the IP address & hostname in the appropriate fields -> Establish Connection then Test Connection. Let me know if that works for you.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator


Hi Erik Kaiser,

Thank you for your help dear.

Actually I tried that. I enabled centralized reporting on the WSA. In the SMA I enabled centralized reporting and Centralized Configuration Manager. Then I followed the procedure as you mentioned, but it ends with an error showing Error -> timeout.

What could be the reason?

I would recommend that you take a packet capture on either of the appliances, and filter for the IP address of the other to see how far it is getting.  From this capture, we can determine if it is indeed a connectivity problem or something beyond that.

-Vance

Hi, actually I have the same problem when trying to establish a connection from SMA to my WSAV (virtual web security appliance). I can no longer add my WSAV to my SMA. We have checked the network and connectivity is working for sure. I have also tried connecting from the SMA command line to the WSAV and this is working (for ping and also a telnet to the SSH port 22, to ensure that the SSH server on my WSAV is responding to my SMA, and I get the prompt showing the SSH FreeBSD version).

Here is the output for telnet from SMA to WSAV port 22, which looks good:

cisco.example.com> telnet 172.44.21.5 22

Trying 172.44.21.5...
Connected to 172.44.21.5.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.4p1 FreeBSD-20100308
^]
telnet> q
Connection closed.

 

The connection from SMA to WSAV was working before, but just for testing purposes I disabled WSAV from the SMA (I wanted to take some screenshots for our team on how to bind WSAV to the SMA), and now I cannot establish the connection again --> same error: timeout error after a few minutes. I've already reset the SMA completely and reinstalled it, and also rebooted both devices several times, but it ends again with the same timeout error ... WSAV is 8.0.5 and SMA is 8.3.6-014 (which is good according to the compatibility matrix).

I will go on and do some testing, as I need this working again by Monday...

In the meantime if you have suggestions, feel free to give me some hints :)

I'll come back to you if I find a solution or some kind of explanation.

Greetings

Ciro

OK, I found the problems for my deployment.

Most likely it was due to ESX performance issues causing unexpected network errors (we had an internal training and several additional virtual machines running today).

Now that network is free again, everything is working fine as expected.

So I guess that when you see the timeout errors, the root cause is most likely the underlying network (or in my case the virtual network performance). 

Greetings

Ciro
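
Added example, not part of the thread and not Cisco code: a single successful telnet to port 22, as in the output above, cannot reveal the intermittent network problem that turned out to be the cause, so this Python sketch repeats the same connect-and-read-banner check and records at which stage each attempt stops. It assumes it is run from a host on the same network segment as the SMA; the function names and stage labels are made up for this illustration.

```python
import socket
import sys
import time

def probe_once(host, port=22, timeout=5.0):
    """One TCP connect plus banner read. Returns (stage, seconds)."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "connect_timeout", time.monotonic() - start  # SYN never answered
    except ConnectionRefusedError:
        return "refused", time.monotonic() - start  # host up, port closed
    except OSError:
        return "unreachable", time.monotonic() - start  # no route or bad name
    with sock:
        try:
            banner = sock.recv(256)
        except socket.timeout:
            return "banner_timeout", time.monotonic() - start  # handshake done, service silent
        except OSError:
            return "reset", time.monotonic() - start
    stage = "ok" if banner.startswith(b"SSH-") else "no_ssh_banner"
    return stage, time.monotonic() - start

def probe_many(host, port=22, attempts=30, interval=2.0, timeout=5.0):
    """Repeat the probe so that intermittent failures become visible."""
    results = []
    for n in range(attempts):
        results.append(probe_once(host, port, timeout))
        if n + 1 < attempts:
            time.sleep(interval)
    return results

def summarize(results):
    """Count outcomes per stage and report the slowest successful probe."""
    counts = {}
    for stage, _ in results:
        counts[stage] = counts.get(stage, 0) + 1
    ok_times = [secs for stage, secs in results if stage == "ok"]
    return {
        "counts": counts,
        "ok_ratio": len(ok_times) / len(results) if results else 0.0,
        "worst_ok_seconds": max(ok_times) if ok_times else None,
    }

if __name__ == "__main__":
    # Usage: python3 probe.py <appliance-ip> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(summarize(probe_many(target, port)))
```

An `ok_ratio` below 1.0, or a `worst_ok_seconds` close to the timeout, points at the network or hypervisor rather than the appliance configuration, and tells you which time window to look at in a packet capture.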