Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
766
Views
0
Helpful
2
Replies

Https traffic not routing to Ironport

Go to solution
Joel Fox
Level 1
Level 1

‎02-26-2014 06:36 AM

Greetings - I have an Ironport issue that is really starting to bug me!  We have an S170 appliance installed, and for port 80 traffic it is working properly. However, I cannot for the life of me get port 443 traffic to hit the Ironport appliance.  I have a Cisco ASA 5520 set up with the recommended configs, which is pretty basic. However, when tailing users, I see all traffic with the exception of https... I have no idea why. I changed the WSA to "permit" http and https traffic, but no dice.  Is there something on the firewall that should be set that I am missing? 

Our firewall is ver 8.2; Under the WCCP service groups and redirection it is set up as default, and the acl manager is set to permit http and https traffic. It seems to me that it is a firewall routing issue, but I have no idea what or why!  I know this is pretty vague, but I'm thinking I must be missing something very obvious!

Thanks in advance....

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎02-26-2014 07:38 AM

Under Network/Transparent Redirection, look at the ports listed in your service profile... that should include the SSL ports that you want redirected.   You have to use a Dynamic service ID.  0 only sends port 80.   (The WSA "asks" for what traffic it wants, the router config is all about limiting what can be asked for, and where it should go.)

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Ken Stieers
VIP
VIP

‎02-26-2014 07:38 AM

Under Network/Transparent Redirection, look at the ports listed in your service profile... that should include the SSL ports that you want redirected.   You have to use a Dynamic service ID.  0 only sends port 80.   (The WSA "asks" for what traffic it wants, the router config is all about limiting what can be asked for, and where it should go.)

0 Helpful

Go to solution
Joel Fox
Level 1
Level 1
In response to Ken Stieers

‎02-26-2014 09:43 AM

I knew it was something simple!  Now I remember going over this at the beginning with our server admin stating just that - "I bet this is where we change the port 443 stuff...."  Thank you for the reply!

0 Helpful
Customers Also Viewed These Support Documents