cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1371
Views
10
Helpful
7
Replies

Unable to connect WSA/SWA to SecureX

mark.wehling
Level 1
Level 1

Hi,

I'm trying to connect one of our WSA/SWAs (ASyncOS 14.5.0-537) to SecureX and not having any success.

Going by the instructions, I enable the SecureX setting under Network > Cloud Services Settings, and it shows as being enabled after committing the change. However, the instructions says "Wait for few minutes, and check whether the Register button appears on your appliance", which I have done, but this button never appears. This is how the Cloud Service Settings appear, and remain in this state:

WSA cloud service settings.gif


 

 

 

 

As you can see, the Deregister button is greyed out so I am unable to use this. The supplied explanation is as follows:
WSA cloud service deregister.gif

 

 

 

 

I've checked in SecureX under Device Manager and the WSA/SWA is not showing as having been connected (I haven't been given the prompt to enter the device token on the WSA/SWA).

I can't seem to find any articles on how to overcome this issue. Does anyone have any advice?

7 Replies 7

amojarra
Cisco Employee
Cisco Employee

Hi @mark.wehling 

 

may I ask you please check these:

[1] nslookup api.eu.sse.itd.cisco.com   

[2] telnet the api.eu.sse.itd.cisco.com on port 443 >-nslookup api.eu.sse.itd.cisco.com 

[3] Also please check packet capture to see if there is any issue conencting your WSA to api.eu.sse.itd.cisco.com

[4] you have selected WSA in Secure-X (sometimes it happens to be SMA)

 

 

thanks 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Hi @amojarra 

I tried what you have suggested above, but queried against api.apj.sse.itd.cisco.com as we are located in APJ region.
I was able to successfully resolve the hostname, and can telnet from the WSA to api.apj.sse.itd.cisco.com over port 443 (see below).

WSA telnet to securex.png

When trying to enable the WSA in SecureX I have gone here:
SecureX WSA enable.png

After going into the above I opened the device manager and generated a token for the WSA, but this is where it doesn't go any further
SecureX device manager.png

amojarra
Cisco Employee
Cisco Employee

Hi @mark.wehling 

Sorry for late reply 

thanks for the detailed information  

 

did you check this: Integrate and Troubleshoot SecureX with Web Security Appliance (WSA) - Cisco

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Hi @amojarra ,

Thankyou for this. I have managed to get one of our WSAs connected to SecureX via this article, however, our primary one still does not work.

I have looked in the sse_connectord_log file on the primary WSA and can see the following entries

sse_connectord_log.png

Judging by the entries, the connector looks to be somehow configured to connect to the local host address. Do you have any ideas how this can be reset/re-configured?

amojarra
Cisco Employee
Cisco Employee

So happy to hear that  

at least we have 50% improvement.

could you please try to re-do step3 of the link?

I mean disable > commit > enable > commit 

and then the rest of the steps please 

 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

Hi @amojarra ,

I have raised a case with TAC to see if they can assist with resolving this issue. We did try doing what you suggested, but still no luck.

 

In working through this with TAC, it seems that when I've attempted to set this up in the past it has connected to SecureX (not sure where?) and once connected you cannot un-link/re-register. It looks like this may be an inherent bug in ASyncOS 14, which TAC is investigating.

When I hear more from TAC and/or they provide a solution, I'll provide details here.

Cheers

amojarra
Cisco Employee
Cisco Employee

Thanks for the update @mark.wehling 

 

hope the issue will be solve soon

feel free to reach out if anything is needed

 

BR,