MSN messenger over ACNS

Answered Question
Mar 24th, 2007

Hi,


Is there any way to make the ACNS to allow msn messenger to connect through it.

For a reason a blocked the default port for MSN (1863) to force it to use the port 80 so the traffic is directed to ACNS over WCCP as it is WEB traffic. It's directed but the MSN does not connect.

If i block the port 1863 and stop sending http traffic to wccp the MSN uses port 80 and connects fine.


Thanks



Correct Answer by joquesada about 9 years 11 months ago


Hi,


Is good to know that you were able to find the workaround. Actually I was on the lab testing this due that I noticed that you had 2671 bypassed requests. Definitely bypassing authenticated traffic is going to resolve the issue, but I also wanted to recommend you to try another solution.


Add these commands to the CE:


- http cache-authenticated all

- http cache-cookies


and remove the bypass auth-traffic command.


This would allow the CE to cache as much as possible of the transaction. I tested and it works just fine and the CE is seeing cache hits.


As a side note, I noticed that the messenger goes on port 80 so you don't have to worry about the port 1863.


Thanks & Regards,


Jose.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
joquesada Sun, 03/25/2007 - 17:36


Hi,


Can you attach a sh tech from the CE? I'll run some tests in the lab, but having a sh tech from the CE would help a lot to understand your setup. Thanks!


Regards,


Jose Quesada.


guibarati Mon, 03/26/2007 - 04:32

Sure, here is the show tech.

 

by the way, I have an ASA diverting traffic over WCCP to the ACNS.

 

 

 

joquesada Mon, 03/26/2007 - 10:45


Hi,


I noticed in the sh tech that the WCCP services seem to have synchronization problems with the ASA. The only services that seem to be running properly are the web-cache and the service 90 which you configured for the port 1863. I'll assume WCCP is working properly, as the CE is logging requests being received. Make sure the ASA is redirecting traffic with these commands: 'sh wccp' 'sh wccp web-cache detail' 'sh wccp 90 detail'. Please attach the outputs.


I'll look into this issue and get back to you. Thanks!


Regards,


Jose.


guibarati Mon, 03/26/2007 - 11:01

Acctually i delete the other services from ASA, but i don't think that it's the problem because I have the web-cache working fine. and when I block port 1863 on ASA avoiding the msn to connect directly the msn try to use the port 80 to connect, ans is treated as web traffic and diverted to the ACNS. I have a Websense on ACNS and it logs the try of access. (But doesnt access even if i disable the websense)

guibarati Mon, 03/26/2007 - 13:19

Hi, Jose Thanks for your help I just found out what was wrong.

For the MSN to connect I had to configure the ACNS to bypass authentication traffic.

I have done that in the path:


Caching -> Bypass -> Authentication Bypass = on


Thanks again

Correct Answer
joquesada Mon, 03/26/2007 - 14:37


Hi,


Is good to know that you were able to find the workaround. Actually I was on the lab testing this due that I noticed that you had 2671 bypassed requests. Definitely bypassing authenticated traffic is going to resolve the issue, but I also wanted to recommend you to try another solution.


Add these commands to the CE:


- http cache-authenticated all

- http cache-cookies


and remove the bypass auth-traffic command.


This would allow the CE to cache as much as possible of the transaction. I tested and it works just fine and the CE is seeing cache hits.


As a side note, I noticed that the messenger goes on port 80 so you don't have to worry about the port 1863.


Thanks & Regards,


Jose.




guibarati Tue, 04/10/2007 - 09:29

Hi, I tried that and it worked with this commands the msn is able to connect also.

Now I'm having another problem, when I need access to some website that redirects HTTP to HTTPS it seems that the content engine does not foward the traffic to the local host.


I see that the CE initiates a connection to HTTP port in the site, then the site responds the connection redirecting it to HTTPS and not is being blocked on the firewall, but the host does not access the website. If i access straight with an "https://" in the host's browser it works fine. Some idea?


Tnaks

joquesada Tue, 04/10/2007 - 20:50


Hi,


Do you receive any error message on the browser? I would check if Websense allows all HTTPS sites, or at least the one you are trying to access. what happens if you disable Websense for a quick test?...or if you add the HTTPS web site to the allowed sites list? Thanks!


Regards,


Jose.




Actions

This Discussion