Problem with ASA and Blue Coat

Answered Question
Jul 25th, 2008

Hi,

We have an ASA 5520 in our network. Blue Coat (SG 510) is connected behind the ASA for web filtering. Blue Coat is configured as a transparent device.

Blue Coat IP is 10.138.74.5.

Now the problem is that for the last one month I have been getting a high BW utilization issue. Whenever I have the Blue Coat connected, the BW utilization increases very high.

We have a 4 MB internet link and sometimes it chokes the entire BW. If I remove the Blue Coat, everything normalizes and works fine.

To resolve this issue I checked with the Blue Coat vendor, and after long experiments they told me the problem is with the ASA configuration.

In the Blue Coat logs we are getting lots of public IPs, which should show internal IPs only.

I have checked my ASA access-list configuration and didn't find anything wrong. In my ASA I have an access-list configured for inbound access on the Outside interface only.

I have attached my ASA configuration and Blue Coat logs.

Any kind of help would be appreciated...

Regards,

som

dhananjoy chowdhury Sat, 07/26/2008 - 01:19

Hi Somenath,

I filtered the requests from the public IPs in the Blue Coat logs you have provided.

All these requests were of the following types:

TCP_MISS = The requested object was not in the cache.

TCP_NC_MISS = Object returned from the origin server was non-cacheable.

TCP_PARTIAL_MISS = Object is in cache, but retrieval from the origin server is in progress.

TCP_ERR_MISS = An error occurred while retrieving the object from the origin server.

TCP_TUNNELED = The CONNECT method was used to tunnel this request (generally proxied HTTPS).

It is possible that the Blue Coat device is misconfigured, which is allowing connections like an open proxy.

If you are allowing incoming connections from the internet to the Blue Coat public IP, then you need to block it.

Please share your ASA config, which will help to analyse this better.

somnath21 Sat, 07/26/2008 - 02:26

Please find my ASA config.

Please help to resolve this issue.

Thanks,

som

dhananjoy chowdhury Sat, 07/26/2008 - 03:36

Sorry, I missed your statement above, "Blue Coat device is in transparent mode", so the possibility of the Blue Coat device acting as an open proxy is ruled out.

Now I am still thinking of how the request from a public IP is reaching your Blue Coat device.

Correct Answer
dhananjoy chowdhury Sun, 07/27/2008 - 00:41

Hi, can you try configuring the Web Access Layer rules as below:

1 Allow only your inside IP subnets to any destination

2 Deny any (source) any (destination)
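The log filtering dhananjoy describes above (pulling the requests with public client IPs out of the Blue Coat logs and grouping them by cache result) and the two-rule policy in this answer can be checked with a short script. This is an added example, not code from the thread or from Blue Coat; it assumes a simplified space-separated log layout, constructed sample lines (the attached logs and ASA config are not reproduced here), and the inside subnets shown.

```python
import ipaddress
from collections import Counter

# Constructed sample lines, not taken from the thread's attached logs.
# Assumed field order: date time time-taken c-ip s-action cs-method cs-uri
SAMPLE_LOG = """\
2008-07-25 10:01:02 120 10.138.74.21 TCP_MISS GET http://example.com/index.html
2008-07-25 10:01:03 15 10.138.74.22 TCP_HIT GET http://example.com/logo.png
2008-07-25 10:01:05 340 203.0.113.7 TCP_MISS GET http://example.net/big.iso
2008-07-25 10:01:06 210 203.0.113.7 TCP_TUNNELED CONNECT example.org:443
2008-07-25 10:01:09 50 198.51.100.9 TCP_NC_MISS GET http://example.com/api
2008-07-25 10:01:10 80 10.138.75.4 TCP_ERR_MISS GET http://example.com/x
"""

# Assumed inside subnets; rule 1 of the answer allows only these as sources.
INSIDE_SUBNETS = [ipaddress.ip_network("10.138.74.0/24"),
                  ipaddress.ip_network("10.138.75.0/24")]


def parse_line(line):
    """Split one log line into its fields (uri may contain spaces, so maxsplit)."""
    date, time_, taken, c_ip, action, method, uri = line.split(maxsplit=6)
    return {"client": ipaddress.ip_address(c_ip), "action": action,
            "method": method, "uri": uri, "time_taken_ms": int(taken)}


def is_inside(ip):
    """Rule 1: is the client in one of the inside subnets?"""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    return any(ip in net for net in INSIDE_SUBNETS)


def analyse(log_text):
    """Count inside requests, and group outside (rule 2 denied) ones by action and client."""
    by_action, by_client, inside = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_inside(rec["client"]):
            inside += 1
        else:
            by_action[rec["action"]] += 1
            by_client[str(rec["client"])] += 1
    return {"inside": inside,
            "denied_by_action": dict(by_action),
            "denied_by_client": dict(by_client)}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Any non-empty `denied_by_client` entry is a source the proposed layer would reject, and is the kind of public address the question reports seeing in the logs.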

somnath21 Sun, 07/27/2008 - 20:56

Hi,

Sorry for late reply!

Now I removed that device from network. Today night I will do the configuration and let you know.

Regards,

som

somnath21 Tue, 08/05/2008 - 03:51

Hi,

Yes, I had done that one.

I had removed the entire policy configuration and given permission any any. It was working fine. After that I configured the visual policy freshly and it is working fine.

Thanks a lot to you!!
