Problem with ASA and Blue Coat

somnath21
Level 1

Hi,

We have an ASA 5520 in our network. A Blue Coat (SG 510) is connected behind the ASA for web filtering. The Blue Coat is configured as a transparent device.

Blue Coat IP is 10.138.74.5.

Now the problem is that for the last one month I am getting a high BW utilization issue. Whenever I have connected the Blue Coat the BW utilization increases very high.

We have a 4 MB internet link and sometimes it chokes the entire BW. If I remove the Blue Coat everything normalizes and works fine.

To resolve this issue I checked with the Blue Coat vendor and after a long experiment they told me that the problem is with the ASA configuration.

In the Blue Coat logs we are getting lots of public IPs, which should show internal IPs only.

I have checked my ASA access-list configuration and didn't find anything wrong. In my ASA I have an access-list configured for inbound access on the Outside interface only.

I have attached my ASA configuration and Blue Coat logs.

Any kind of help would be appreciated….

Regards,

som

1 Accepted Solution

Hi, can you try configuring the Web Access Layer rules as per below:

1. Allow only your inside IP subnets to any destination

2. Deny any (source) any (destination)

7 Replies

Hi Somenath,

I filtered the requests from the public IPs in the Bluecoat logs you have provided.

All these requests were of the following types:

TCP_MISS = The requested object was not in the cache.

TCP_NC_MISS = Object returned from the origin server was non-cacheable.

TCP_PARTIAL_MISS = Object is in cache, but retrieval from the origin server is in progress.

TCP_ERR_MISS = An error occurred while retrieving the object from the origin server.

TCP_TUNNELED = The CONNECT method was used to tunnel this request (generally proxied HTTPS).

It is possible that the Bluecoat device is misconfigured, which is allowing connections like an open proxy.

If you are allowing incoming connections from the internet to the Bluecoat public IP then you need to block it.

Please share your ASA config, which will help to analyse better.
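The filtering step described in this reply (pulling out the log entries whose client address is not an internal one and tallying them by request type) can be reproduced with a short script. The following is an added example, not code from the thread or from Blue Coat; the log format is a constructed, simplified ELFF-style layout with a `#Fields:` header, and the inside subnet `10.138.0.0/16` is an assumption based only on the proxy address quoted above. The same inside-subnet test is what the "allow inside subnets, then deny any" Web Access Layer rule suggested later in the thread enforces on the proxy itself.

```python
import ipaddress
from collections import Counter

# Constructed sample log, simplified: a "#Fields:" header names the columns and
# data lines are space-separated. This is NOT the poster's attached log; the
# column set is an assumption chosen for the example.
SAMPLE_LOG = """\
#Fields: date time c-ip s-action sc-status cs-method cs-host
2011-08-01 09:12:01 10.138.74.21 TCP_MISS 200 GET www.example.com
2011-08-01 09:12:02 10.138.74.22 TCP_NC_MISS 200 GET mail.example.com
2011-08-01 09:12:03 198.51.100.17 TCP_TUNNELED 200 CONNECT www.example.net
2011-08-01 09:12:04 203.0.113.9 TCP_MISS 200 GET www.example.org
2011-08-01 09:12:05 203.0.113.9 TCP_ERR_MISS 504 GET www.example.org
2011-08-01 09:12:06 10.138.74.23 TCP_PARTIAL_MISS 206 GET cdn.example.com
"""

# Inside subnets the proxy is meant to serve. Assumption: derived only from the
# 10.138.74.x proxy address mentioned in the thread, not from a real config.
INSIDE_SUBNETS = [ipaddress.ip_network("10.138.0.0/16")]


def parse_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directive lines, or data before any header
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line rather than misalign the columns
        yield dict(zip(fields, values))


def is_inside(ip_str, subnets=INSIDE_SUBNETS):
    """True if the client address falls inside one of the permitted subnets."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # unparsable address is treated as not-inside
    return any(ip in net for net in subnets)


def outside_requests(text, subnets=INSIDE_SUBNETS):
    """Return log entries whose client IP is NOT from an inside subnet.

    In a transparent deployment every client the proxy sees should be inside,
    so anything returned here points at either a policy gap on the proxy or
    traffic that should have been dropped before reaching it."""
    return [e for e in parse_log(text) if not is_inside(e["c-ip"], subnets)]


def summarize(entries):
    """Count outside requests per client IP and per cache result (s-action)."""
    by_ip = Counter(e["c-ip"] for e in entries)
    by_action = Counter(e["s-action"] for e in entries)
    return dict(by_ip), dict(by_action)


if __name__ == "__main__":
    hits = outside_requests(SAMPLE_LOG)
    ips, actions = summarize(hits)
    print(f"{len(hits)} request(s) from non-inside clients")
    for ip, n in sorted(ips.items()):
        print(f"  client {ip}: {n}")
    for action, n in sorted(actions.items()):
        print(f"  {action}: {n}")
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents and `INSIDE_SUBNETS` with the actual internal ranges; a non-empty result from `outside_requests` on a transparent proxy is the symptom the thread is chasing, and the per-action breakdown shows whether those clients are being served from the origin (the MISS variants) or tunnelled through CONNECT.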

Plz find my ASA config.

Plz help to resolve this issue.

Thanks,

som

Sorry, I missed your statement above, "Bluecoat device is in transparent mode", so the possibility of the Bluecoat device as an open proxy is ruled out.

Now I am still thinking of how the request from a Public IP is reaching your bluecoat device.

Hi, can you try configuring the Web Access Layer rules as per below:

1. Allow only your inside IP subnets to any destination

2. Deny any (source) any (destination)

Hi,

Sorry for late reply!

Now I have removed that device from the network. Tonight I will do the configuration and let you know.

Regards,

som

Hi,

Yes, I had done that one.

I had removed the entire policy configuration and given permission any any. It was working fine. After that I configured the visual policy freshly and it is working fine.

thanx a lot to u!!

Cool... Glad to know that it's working :)
