cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
364
Views
2
Helpful
4
Replies

Reinstalled WSA cannot be added to M300

Revantha
Level 1
Level 1

Hi,

I reinstalled a WSA (virtual instance) and the license token was added it all went well until the point of adding it to the M300. The IP address of the WSA is 10.5.179.162, the same with a different host name was tried to be added to the M300, as the point of establishing connection i get the below message :

"Add Web Security Appliance
Error — The host key for 10.5.179.162 appears to have changed.
It is possible that someone is trying to hijack the encrypted connection to the remote host. Please use the logconfig->hostkeyconfig command to verify (and possibly update) the SSH host key for 10.5.179.162.

"

I have cleared the SSH keys on the WSA  with the hostkeyconfig command yet I cannot add the  reinstalled WSA 10.5.179.162 to the M300, when I click on submit to add  nothing happens even after 2 hours.

Cam anybody please help me to resolve this issue as I need to urgently get the WSA back online.

Thank you 

revantha

2 Accepted Solutions

Accepted Solutions

balaji.bandi
Hall of Fame
Hall of Fame

what is the version of code running on M300 ?

WSA running this code ? 10.5.179.162 ?

if the WSA already added remove and check by issue the commands and scan again and check :

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/119177-ts-hijack-error-esa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

SMA should be always higher version than WSA to Manage.

Check compatible matrix and upgrade accordingly and check.

https://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma_all/web-compatibility/index.html

Notes, make sure you have backup before upgrade both WSA and SMA

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

what is the version of code running on M300 ?

WSA running this code ? 10.5.179.162 ?

if the WSA already added remove and check by issue the commands and scan again and check :

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/119177-ts-hijack-error-esa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi

M300 is on 14.1.0-227 while the WSA is on 14.5.0-537, I did the same
procedure outlined in
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/119177-ts-hijack-error-esa-00.html

But it does not let me add the WSA back again..

regards

revantha

SMA should be always higher version than WSA to Manage.

Check compatible matrix and upgrade accordingly and check.

https://www.cisco.com/c/dam/en/us/td/docs/security/security_management/sma/sma_all/web-compatibility/index.html

Notes, make sure you have backup before upgrade both WSA and SMA

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you Balaji for your inputs